Big-name plugins like UpdraftPlus and Envato are in the spotlight this week, alongside recurring vulnerabilities with WPForms.
In addition, we’ve spotted a free Beginner WordPress Designer course that was launched for aspiring designers.
#1 – Security Risks in Popular Plugins
These frequently used plugins are affecting millions of sites, making timely updates crucial.
Contact Form 7 Database – CFDB7 Plugin
SQL Injection; 7.6/10; No fix; Remove/or replace.
WordPress Popular Posts Plugin
Arbitrary Code Execution; 7.3/10; Update to v7.2.0+
UpdraftPlus Plugin
PHP Object Injection; 7.2/10; Update to v1.24.12+
Astra Widgets Plugin
XSS; 6.5/10; Update to v1.2.16+
Pods Plugin
XSS; 5.9/10; Update to v3.2.8.1+
Contact Form by WPForms Plugin
Broken Access Control; 4.3/10; Update to v1.9.2.3+
WPvivid Backup and Migration Plugin
Broken Access Control; 4.3/10; Update to v0.9.107+
Envato Elements Plugin
SSRF; 4.1/10; Update to v2.0.15+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Security Risks in Less Popular Plugins
Two with no fix, these smaller-scale plugins still bring considerable security challenges.
Backup Migration Plugin
PHP Object Injection; 9.8/10; Update to v1.4.6.1+
ARPrice Plugin
PHP Object Injection; 9.8/10; No fix; Remove/or replace.
WP Ultimate Exporter Plugin
RCE; 9.1/10; Update to v2.9.2+
Fancy Product Designer Plugin
Arbitrary File Upload; 9.0/10; No fix; Remove/or replace.
WP Project Manager Plugin
SQL Injection; 8.5/10; Update to v2.6.17+
Email Subscribers & Newsletters Plugin
SQL Injection; 7.6/10; Update to v5.7.44+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – WP Training Team Launches Free Beginner Designer Course
The Training Team’s free Beginner WordPress Designer course helps new designers create professional websites. It covers block themes, style guides, and web design best practices in 24 lessons, taking about 4 hours to complete.
#4 – Our blog: Using CDNs to Boost WordPress Security
CDNs represent a vital layer in modern WordPress security architecture. Implementing this alongside other security measures creates a strong defence system that protects your site and users.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
