Attackers aren’t slowing down. This week brings new plugin vulnerabilities and a critical 10/10 Breeze Cache risk.
From brute force to hidden malware, our blog below explores what’s targeting your site, and how to stop it.
#1 – Critical Security Risks in Popular Plugins
Extremely critical risks in these plugins are spreading fast, exposing nearly a million sites. Updating now is your quickest path to safety.
Breeze Cache Plugin
Arbitrary File Upload; 10/10; Update to v2.4.5+
Responsive Slider by MetaSlider Plugin
RCE; 9.1/10; Update to v3.107.0+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Other Security Risks in Popular Plugins and Themes
These plugins and one theme are part of a large-scale exposure event, with Avada leading at 1M+ impacted installations. Don’t delay patching.
Anti-Malware Security and Brute-Force Firewall Plugin
PHP Object Injection; 8.8/10; Update to v4.23.88+
Templately Plugin
Sensitive Data Exposure; 7.7/10; Update to v3.6.2+
ExactMetrics Plugin
Broken Access Control; 7.2/10; Update to v9.1.3+
ShortPixel Image Optimizer Plugin
PHP Object Injection; 7.2/10; Update to v6.4.4+
WooCommerce PDF Invoices & Packing Slips Plugin
PHP Object Injection; 7.2/10; Update to v5.9.0+
Modula Image Gallery Plugin
PHP Object Injection; 7.2/10; Update to v2.14.19+
GiveWP Plugin
XSS; 7.1/10; Update to v4.14.3+
Royal Elementor Addons Plugin
XSS; 5.9/10; Update to v1.7.1057+
HubSpot Plugin
Broken Access Control; 4.3/10; Update to v11.3.33+
Avada Theme
CSRF; 4.3/10; Update to v7.13.2+
#3 – High Security Risks in Less Popular Plugins
Multiple plugins are affected, but one unpatched plugin stands out as the most dangerous, capable of serious damage if ignored.
GeekyBot Plugin
Arbitrary File Upload; 10/10; Update to v1.2.3+
FunnelFormsPro Plugin
RCE; 9.9/10; No fix; Remove or replace.
ListingPro Plugin
SQL Injection; 9.3/10; Update to v2.9.11+
Contest Gallery Plugin
SQL Injection; 9.3/10; Update to v28.1.7+
#4 – Our blog: WordPress Security Gaps Hackers Love to Exploit
Every unprotected WordPress site invites malware, data leaks, and costly recovery work. We break down 6 core attack methods and show how to fix the gaps that make them possible.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress