WordPress plugins and themes, both big and small, continue to expose security risks—one affects 5+ million installs. Plus, discover how to spot and tackle malware threats, from our blog.
#1 – Security Risks in Popular Plugins
A few popular plugins with security weaknesses—check your versions to stay secure.
All-in-One WP Migration Plugin
PHP Object Injection; 7.5/10; Update to v7.90+
Ad Inserter Plugin
XSS; 7.1/10; Update to v2.8.1+
ShopLentor Plugin
XSS; 6.5/10; Update to v3.1.1+
GDPR Cookie Compliance Plugin
CSRF; 5.9/10; Update to v4.15.7+
LoginPress Plugin
CSRF; 5.4/10; Update to v4.0.0+
ShareThis Dashboard for Google Analytics Plugin
Broken Access Control; 5.4/10; Update to v3.2.2+
PageLayer Plugin
Broken Access Control; 4.3/10; Update to v2.0.0+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Security Risks in Less Popular Plugins & Themes
Small names, but big risks in these plugins and themes.
WP JobHunt Plugin
Broken Authentication; 9.8/10; No fix; Remove/or replace.
Workreap Theme
Privilege Escalation; 9.8/10; Update to v3.2.6+
Civi Theme
Broken Authentication; 9.8/10; No fix; Remove/or replace.
AnalyticsWP Plugin
SQL Injection; 9.3/10; Update to v2.1.0+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Our blog: Shield Your WordPress Site from Malware Attacks
Malware quietly infects WordPress sites, draining server resources and leaving them vulnerable to hackers. Prompt identification and fixing are crucial.
We examine leading malware scanners for detection, removal, and patching, along with security benefits, as no scanner can protect your site alone.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
