Active exploitation of security vulnerabilities in popular plugins leaves millions of sites at high risk. We debunk the WP version masking myth with smarter hiding tips.
#1 – Popular Plugins with High Security Risk
The plugins below pose an extremely high severity risk, affecting millions of sites.
Really Simple SSL Plugin (Free, Pro & Pro Multisite)
Broken Authentication; 9.8/10; Update to v9.1.2+
WPvivid Backup and Migration Plugin
PHP Object Injection; 9.8/10; Update to v0.9.108+
Advanced Order Export For WooCommerce Plugin
PHP Object Injection; 9.8/10; Update to v3.5.6+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Popular Plugins with Lower Security Risk
While not of highest risk, these plugins—1 with no fix—affect over 8 million sites.
Post SMTP Plugin
SQL Injection; 7.6/10; No fix; Remove or replace.
Hide My WP Ghost Plugin
XSS; 7.1/10; Update to v5.3.02+
WP Activity Log Plugin
XSS; 7.1/10; Update to v5.2.2+
Essential Addons for Elementor Plugin
Sensitive Data Exposure; 6.8/10; Update to v6.0.10+
Contact Form by WPForms Plugin
CSRF; 4.3/10; Update to v1.9.2.1+
WP Chat App Plugin
Broken Access Control; 4.3/10; Update to v3.6.9+
#3 – High Security Risks in Less Popular Plugins
These plugins, 2 with no official fix, may be less popular but carry high security risks.
WooCommerce Upload Files Plugin
Arbitrary File Upload; 9.8/10; Update to v84.4+
Automation By Autonami Plugin
SQL Injection; 9.3/10; Update to v3.3.0+
Popup by Supsystic Plugin
RCE; 9.1/10; No fix; Remove or replace.
Real 3D FlipBook WordPress Plugin
Arbitrary File Upload; 9.1/10; Update to v4.8.5+
BulkPress Plugin
XSS; 7.1/10; Removed from wp.org; No fix; Remove or replace.
#4 – Our Blog: How to Disguise Your WordPress Site
Hiding your WordPress version may seem like a good security measure, but it provides little real protection. Instead of relying on this superficial fix, explore stronger and more effective security practices to address actual vulnerabilities.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress