WordPress Vulnerabilities, Malware Threats; & Recovery Guide

April 7, 2025 by Paul G. | Security, ShieldNOTES

From unpatched vulnerabilities to hidden malware in the ‘mu-plugins’ directory, this roundup covers recent WordPress security threats, with a link to our recovery guide in case things go wrong.

#1 – Security Risks in Popular Plugins

Many sites face risks from these unpatched plugins, with CMP leading as the top threat.

CMP – Coming Soon & Maintenance Plugin
Arbitrary File Upload; 9.1/10; No fix; Remove/or replace.

ShareThis Dashboard for Google Analytics Plugin
CSRF; 4.3/10; No fix; Remove/or replace.

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#2 – High Security Risks in Less Popular Plugins & Themes

With two open flaws, these plugins and themes are a prime target for ongoing exploitation.

Front End Users Plugin
Arbitrary File Upload; 10/10; Removed from wp.org; No fix; Remove/or replace.

Bloggie Theme
Arbitrary File Upload; 9.9/10; No fix; Remove/or replace.

tagDiv Composer Plugin
PHP Object Injection; 9.8/10; Update to v5.4+

Woffice Theme
Privilege Escalation; 9.8/10; Update to v5.4.22+

Product Filter by WBW Plugin
SQL Injection; 9.3/10; Update to v2.8.0+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#3 – Masked WordPress Malware in Must-Use Plugins

Hackers are hiding malware in WordPress ‘mu-plugins’ directory to avoid detection.

Must-Use plugins load automatically, don’t need activation, and aren’t visible in the standard plugin interface. This makes the directory a prime target for stealthy infections on compromised sites.

More Info →

#4 – Our blog: WordPress Database Backup Recovery Guide

Crashed sites, cybercrime hacks, or data loss may leave you needing to recover your WordPress site.

Discover simple to complex recovery methods, including configuration and security checks. You’ll never stress about WordPress recovery again.

More Info →

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials

@kittentaboo

Works great for us

I installed this plugin and a few other safeguards after my client’s site got hacked. This plugin was easy to set up and is working well for us. I periodically check the Audit Trail Viewer to see how hackers are trying to get in. The plugin gives you tools to…

@simonlampen

Great Plugin

Thanks team, you have a great plugin there. It has radically improved out site security and reduced pesky attack attempts. Well done!

@bosibbern

Working perfectly

UPDATE 11-18-2015: Had to deactivate it after the update because it slowed my blog to a crawl.. UPDATE 11-20-2015: Reinstalled it and amazingly my problems went away 🙂

@karpira

Quality security solution!

It’s easy to use and well organized. It has precise self-service guiding contents, and includes all features you may expect from a WordPress security solution with great protection. Thank you to developers!

ESSENTIAL WORDPRESS SECURITY NEWS

Get ShieldNOTES, our excellent weekly WordPress security newsletter!

WordPress Vulnerabilities, Malware Threats; & Recovery Guide

#1 – Security Risks in Popular Plugins

#2 – High Security Risks in Less Popular Plugins & Themes

#3 – Masked WordPress Malware in Must-Use Plugins

#4 – Our blog: WordPress Database Backup Recovery Guide

Works great for us

Great Plugin

Working perfectly

Quality security solution!

Leave a Comment Cancel reply

Related Stories

High Risk Plugins; & Expert Advice for Faster, Safer WordPress Sites; & 2.5 Billion Gmail Accounts at Risk

ShieldNOTES Ep#20: WP.org Supply Chain Attack; ACF & CF7 Vulnerabilities; Password Security

ShieldNOTES Ep#12: Big vulnerabilities, PHP Upgrades, and Passkeys

ESSENTIAL WORDPRESS SECURITY NEWS