The WordPress ecosystem continues to face growing vulnerabilities, led by critical bugs in Smart Slider 3 and Blocksy Companion. This update also covers trends in outsourced WordPress support and a new AI CMS built with security in mind.

These two plugins are affected by severe vulnerabilities, potentially exposing 1+ million WordPress sites. Apply updates to stay ahead of threats.

Smart Slider 3 PRO Plugin
Backdoor; 10/10; Update to v3.5.1.36+

Blocksy Companion Pro Plugin
SQL Injection; 9.3/10; Update to v2.1.29+

Editor Comment

It’s worth taking a few minutes each week to perform a review of your sites to catch issues early and, wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Millions of sites could be exposed through these plugins, with WP-Optimize alone affecting more than 1 million installs. Update to stay safe.

WooCommerce Cart Abandonment Recovery Plugin
Privilege Escalation; 7.2/10; Update to v2.1.0+

Gravity Forms Plugin
XSS; 7.1/10; Update to v2.9.31+

PageLayer Plugin
XSS; 6.5/10; Update to v2.0.9+

Download Manager Plugin
XSS; 6.5/10; Update to v3.3.53+

Beaver Builder Plugin
XSS; 5.9/10; Update to v2.10.1.2+

WP-Optimize Plugin
Broken Access Control; 5.4/10; Update to v4.5.1+

Query Monitor Plugin
XSS; 7.1/10; Update to v3.20.4+

YITH WooCommerce Wishlist Plugin
IDOR; 5.3/10; Update to v4.13.0+

Aruba HiSpeed Cache Plugin
CSRF; 4.3/10; Update to v3.0.5+

These high-risk plugins may expose over 150,000 sites to security threats. Ensure they are updated.

Simply Schedule Appointments Plugin
SQL Injection; 9.3/10; Update to v1.6.9.29+

WP Maps Plugin
SQL Injection; 9.3/10; Update to v4.9.2+

Form Maker by 10Web Plugin
SQL Injection; 9.3/10; Update to v1.15.39+

GeekyBot Plugin
SQL Injection; 9.3/10; Update to v1.2.1+

#4 – AI CMS by Cloudflare Takes on WordPress Security

Cloudflare introduces EmDash CMS, an AI-powered platform built to fix WordPress security flaws with sandboxed plugins, serverless scaling, and passkey auth.

#5 – Our blog: Outsource WordPress Support Without Losing Control

Learn how to outsource WordPress support without losing control. Covers model fit, briefs, pricing, security, and partner vetting for agencies and site owners.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress