This is a fresh roundup of plugin and theme vulnerabilities with key maintenance steps to keep your WordPress site secure, reliable, and performing at its best.

These plugins aren’t heavily affected, but their popularity makes them important to monitor.

Post SMTP Plugin
SQL Injection; 7.6/10; Update to v3.1.3+

The Plus Addons for Elementor Page Builder Lite Plugin
XSS; 6.5/10; Update to v6.2.3+

FooGallery Plugin
XSS; 6.5/10; Update to v2.4.30+

Advanced File Manager Plugin
XSS; 6.5/10; Update to v5.3.0+

Download Manager Plugin
Sensitive Data Exposure; 5.3/10; Update to v3.3.07+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These plugins/themes carry high security risks, especially 2 that remain unaddressed.

Javo Core Plugin
Privilege Escalation; 9.8/10; Update to v3.0.0.266+

InWave Jobs Plugin
Privilege Escalation; 9.8/10; Removed from wp.org; No fix; Remove/or replace.

Golo Theme
Broken Access Control; 9.8/10; Update to v1.6.11+

WPCOM Member Plugin
Privilege Escalation; 9.8/10; Update to v1.7.6+

WP-Recall Plugin
SQL Injection; 9.3/10; Update to v16.26.12+

miniOrange Social Login and Register Pro Addon Plugin
Broken Authentication; 8.1/10; No fix; Remove/or replace.

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Our blog: Essential Tips for WordPress Website Maintenance

Visitor trust relies on the reliability and performance of your WordPress site. Regular maintenance is key to keeping it secure and running smoothly, going beyond bug fixes and updates. It ensures a smooth user experience and protects both you and your audience online.

More Info →

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress