There are a few ultra-critical vulnerabilities this week, with some removed from the WP repo.

You can check out the upcoming WP virtual conference and uncover the “Security Through Obscurity” myth from our blog archive.

These high-profile plugins and a theme are being targeted; 1 plugin stands out as a major risk due to missing fixes.

SEO Plugin by Squirrly SEO
Broken Access Control; 7.1/10; No fix; Remove or replace.

Site Mailer Plugin
XSS; 7.1/10; Update to v1.2.4+

Chaty Plugin
XSS; 6.5/10; Update to v3.3.6+

Essential Blocks for Gutenberg Plugin
XSS; 6.5/10; Update to v5.3.0+

Enfold Theme
SSRF; 6.4/10; Update to v7.0+

NextGEN Gallery Plugin
XSS; 5.9/10; Update to v3.59.9+

Advanced Google reCAPTCHA Plugin
Bypass Vulnerability; 5.3/10; Update to v1.28+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These less popular plugins and a theme often fly under the radar, but they still pose significant security risks, particularly the 2 that remain unpatched.

WooCommerce Ultimate Gift Card Plugin
Arbitrary File Upload; 10/10; Removed from wp.org; No fix; Remove or replace.

DHVC Form Plugin
Privilege Escalation; 9.8/10; Update to v2.4.8+

WHMpress Plugin
Local File Inclusion; 9.8/10; Update to v6.3+

Academist Membership Plugin
Broken Authentication; 9.8/10; Update to v1.2+

Templines Elementor Helper Core Plugin
Privilege Escalation; 8.8/10; Update to v2.8+

Traveler Theme
Local File Inclusion; 8.8/10; No fix; Remove or replace.

#3 – WP:25 Virtual Conference

A free online conference starting this Thursday, March 6th, will highlight why WordPress remains a leading platform in 2025, along with research updates and the key topics that enterprise brands must focus on for the year ahead.

How can I get involved?
You can sign up and join the LiveStreams when they’re announced.

#4 – Our blog: Security Through Obscurity: Does It Work?

We clear up common WordPress security myths often raised at Shield, focusing on the tactic known as “Security Through Obscurity” and how it’s often used with WordPress.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress