When popular plugins like LatePoint and Amelia reach a 9.3/10 threat level, it’s a clear sign the WordPress ecosystem is under pressure. This week, we bring you key plugin vulnerability insights and a hand‑picked guide to building a sustainable WordPress security plan.
#1 – High Security Risks in Popular Plugins
These plugins include exploitable vulnerabilities that reach over 200,000 live sites. Updating now is an important step to staying secure.
LatePoint Plugin
SQL Injection; 9.3/10; Update to v5.6.4+; Recurring 8×
Amelia Plugin
SQL Injection; 9.3/10; Update to v2.4.3+; Recurring 4×
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Other Security Risks in Popular Plugins
These plugins don’t look dramatic, yet their impact reaches millions of sites. Updating them regularly quietly reduces risk while your visitors simply enjoy a stable site.
LoginPress Pro Plugin
Broken Authentication; 8.1/10; Update to v6.2.4+; Recurring 2×
Event Tickets Plugin
Broken Access Control; 7.5/10; Update to v5.28.5.1+; Recurring 2×
Forminator Plugin
Arbitrary File Download; 7.5/10; Update to v1.55.1+; Recurring 3×
WP Google Maps Pro Plugin
XSS; 7.1/10; Update to v10.1.03+
Unlimited Elements For Elementor Plugin
XSS; 7.1/10; Update to v2.0.13+; Recurring 4×
Ad Inserter Plugin
XSS; 6.5/10; Update to v2.8.12+; Recurring 2×
Jeg Elementor Kit Plugin
XSS; 6.5/10; Update to v3.2.7+; Recurring 5×
Anti-Malware Security and Brute-Force Firewall Plugin
XSS; 5.8/10; Update to v4.23.90+; Recurring 2×
FluentForm Plugin
Broken Access Control; 5.4/10; Update to v6.2.2+; Recurring 5×
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – High Security Risks in Less Popular Plugins and Themes
Even less popular plugins and themes can open serious holes in your site’s defences. Take action so they don’t become your weakest link.
Super Forms Plugin
Arbitrary File Upload; 10/10; Update to v6.3.314+
Realtyna Organic IDX Plugin
RCE; 10/10; Update to v5.3.0+
Aimogen Pro Plugin
Arbitrary File Upload; 10/10; Update to v2.8.3.1+
MailOptin Plugin
Privilege Escalation; 9.8/10; Update to v1.2.78.0+
Directorist Plugin
PHP Object Injection; 9.8/10; Update to v8.8.3+
Grand Photography Theme
PHP Object Injection; 9.8/10; No fix; Remove/or replace.
Buddyboss Platform Plugin
SQL Injection; 9.3/10; Update to v3.1.0+; Recurring 2×
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Our blog: Your No-Nonsense Guide to WordPress Security Updates
Stay ahead with our detailed WordPress security patch guide—maintain site integrity and navigate patches with ease.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress