This week’s security updates reveal flaws in popular plugins, including Rank Math SEO, impacting more than 3M sites. PeepSo is exiting wp.org.

Though less severe, these plugins still pose a threat to millions of sites.

Rank Math SEO Plugin
RCE; 7.2/10; Update to v1.0.232+

Formidable Forms Plugin
XSS; 7.1/10; Update to v6.16.2+

Ultimate Member Plugin
Broken Access Control; 4.3/10; Update to v2.9.0+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Though less popular, these plugins still carry high security risks, and one has been suspended with no fix.

School Management Pro Plugin
Arbitrary File Upload; 10/10; Update to v92.0.0+

WPGYM Plugin
Arbitrary File Upload; 10/10; Update to v67.2.0+

Social Login Plugin
Privilege Escalation; 9.8/10; Removed from wp.org; No fix; Remove or replace.

Tutor LMS Plugin
SQL Injection; 9.3/10; Update to v2.7.7+

LA-Studio Element Kit for Elementor Plugin
Local File Inclusion; 8.8/10; Update to v1.4.3+

#3 – PeepSo Leaves WP Repo After Vulnerability Issue

PeepSo was temporarily suspended from wp.org due to vulnerabilities found in their demo site, although they claim the issue was not in the core plugin, and it has since been fixed. The suspension disrupted their release cycle. Users should manually update to v7.0.0.0 and expect future updates directly from their servers.

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress