Several high-traffic plugins, including CleanTalk’s anti-spam, are facing significant security risks.
Meanwhile, WordPress introduces a new plugin with free ACF Pro features.
#1 – Popular Plugins with High Security Risk
The plugins below pose an extremely high severity risk.
Widget Options Plugin
RCE; 9.9/10; Update to v4.0.8+
FluentSMTP Plugin
PHP Object Injection; 9.8/10; Update to v2.2.83+
Spam protection, AntiSpam, FireWall by CleanTalk Plugin
Broken Authentication; 9.8/10; Update to v6.44+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Popular Plugins with Lower Security Risk
While not of highest risk, this plugin impacts 100,000+ sites.
Sassy Social Share Plugin
XSS; 7.1/10; Update to v3.3.70+
#3 – High Security Risks in Less Popular Plugins
Though less popular, these plugins carry considerable security risks.
RegistrationMagic Plugin
Privilege Escalation; 9.8/10; Update to v6.0.2.7+
JobSearch Plugin
Privilege Escalation; 9.8/10; Update to v2.6.8+
Contest Gallery Plugin
Privilege Escalation; 9.8/10; Update to v24.0.8+
AppPresser Plugin
Privilege Escalation; 9.8/10; Update to v4.4.7+
WordPress Security & Malware scan by CleanTalk Plugin
SQL Injection; 9.3/10; Update to v2.145.1+
Total Upkeep Plugin
RCE; 9.1/10; Update to v1.16.7+
#4 – Wp.org launches ‘Secure Custom Fields’ plugin with free ACF Pro features
WordPress has introduced the “Secure Custom Fields” plugin, which offers ACF Pro-like features such as repeaters, flexible content, and ACF Blocks. It was created as a free alternative due to security and licensing concerns with the ACF plugin.
#5 – Our Blog: Proven tips securing your WordPress REST API
WordPress REST APIs can be vulnerable to data breaches and unauthorised access without proper security measures. Practical strategies help defend against bot traffic and code injection.
Thanks for reading, and have a great week!
Paul Goodchild
Shield Security for WordPress