Recently, a vulnerability in the MalCare plugin was disclosed to our team by a security researcher. We responded to the security researcher, after conducting our due diligence. 

In the rare situation, where a site has a pre-existing, high severity SQL injection vulnerability, an attacker might be able to read the MalCare key. To address such issues, we are further strengthening our authentication systems.

Authentication is a critical system and any improvements must be done in a careful manner. We have reviewed various plugins and best practices in our ecosystem to come up with our solution.

In light of the current public discourse, we are expediting the update of our plugin. We will initiate a rollout by EOD. All your sites will be automatically updated with the latest MalCare plugin as normal.

The MalCare firewall is enabled by default on your site. It includes rules that protect your site from such high-severity SQL injection attacks. 

We have seen no evidence of any malicious activities. 

We appreciate the work that security researchers put in, and we thank Calvin for his efforts. 

Please reach out to our support if you have any questions or concerns.

The post MalCare Releases Plugin Update with Improved Authentication Systems appeared first on MalCare.

Posted in

About Us

I believe that everyone should have a mechanic that they can trust and after spending several years helping out various customers for large companies I've seen my fair share of issues.

Honesty, Integrity, and Compassion are what we share with everyone that we work with. Stop scouring the internet for help and see how we can help you today.

Our Services

Website Migrations

Plugin & Theme Updates

IDX Broker Customizations

Facebook Chatbots

DNS & Email Integrations