Post SMTP, AI Engine, and Gravity Forms are affected by critical vulnerabilities, while The Events Calendar continues to face a recurring flaw. It’s time to review your updates and strengthen your WordPress site with a reliable CDN — see more below.

Immediate attention is required for these widely used plugins, led by Post SMTP and AI Engine, each with a severity score of 9.8/10.

Post SMTP Plugin
Broken Authentication; 9.8/10; Update to v3.6.1+

AI Engine Plugin
Privilege Escalation; 9.8/10; Update to v3.1.4+

The Events Calendar Plugin
SQL Injection; 9.3/10; Update to v6.15.10+

Gravity Forms Plugin
Arbitrary File Upload; 9.0/10; Update to v2.9.21+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Widespread use makes these plugins a prime target. Keep your site safe—update now.

ShopLentor Plugin
Local File Inclusion; 8.1/10; Update to v3.2.6+

Advanced Ads Plugin
Arbitrary Code Execution; 7.3/10; Update to v2.0.13+

Spectra Plugin
XSS; 6.5/10; Update to v2.19.15+

TablePress Plugin
XSS; 6.5/10; Update to v3.2.5+

JetElements For Elementor Plugin
XSS; 6.5/10; Update to v2.7.12.1+

Ad Inserter Plugin
XSS; 6.5/10; Update to v2.8.8+

Orbit Fox by ThemeIsle Plugin
XSS; 5.9/10; Update to v3.0.3+

Everest Forms Pro Plugin
PHP Object Injection; 5.6/10; Update to v1.9.8+

Download Manager Plugin
Broken Access Control; 5.3/10; Update to v3.3.31+

Envira Photo Gallery Plugin
Broken Access Control; 4.3/10; Update to v1.12.0+

Depicter Slider Plugin
Broken Access Control; 4.3/10; Update to v4.0.5+

Not as widely used, these plugins are at high risk regardless—one remains unpatched.

KiotViet Sync Plugin
Arbitrary File Upload; 10/10; No fix; Remove or replace.

Tablesome Plugin
Arbitrary File Upload; 10/10; Update to v1.3.33+

WP Delicious Plugin
Arbitrary File Upload; 9.9/10; Update to v1.9.1+

Asgaros Forum Plugin
SQL Injection; 9.3/10; Update to v3.2.0+

Better Find and Replace Plugin
Arbitrary Code Execution; 8.8/10; Update to v1.7.8+

#4 – Our blog: Using CDNs to Improve WordPress Security

CDNs speed up WordPress sites while providing security by filtering malicious traffic before it reaches the server. Without a CDN, all visitors connect directly to the server, increasing attack risk and server load. A CDN protects your site and boosts performance at the same time.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress