With Elementor leading the vulnerability chart again, we’re covering what fixes are needed, why automatic WordPress backups are a must, and the rising risk of WooCommerce backdoors.

These plugins aren’t under heavy threat, but given their popularity, they’re worth keeping on your radar.

Element Pack Elementor Addons Plugin
XSS; 6.5/10; Update to v5.10.30+

Admin and Site Enhancements (ASE) Plugin
Bypass Vulnerability; 5.3/10; Update to v7.6.10+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Even with limited usage, these plugins and themes pose a high security risk, and most remain unpatched.

PowerPress Podcasting Plugin
Arbitrary File Upload; 9.9/10; Update to v11.12.6+

JupiterX Core Plugin
PHP Object Injection; 9.8/10; Update to v4.8.12+

Grand Restaurant WordPress Theme
PHP Object Injection; 9.8/10; No fix; Remove or replace.

Service Finder Booking Plugin
Privilege Escalation; 9.8/10; Update to v6.0+

Altair Theme
PHP Object Injection; 9.8/10; No fix; Remove or replace.

CiyaShop Theme
PHP Object Injection; 9.8/10; No fix; Remove or replace.

Fable Extra Plugin
Local File Inclusion; 9.8/10; No fix; Remove or replace.

#3 – Fake Security Patch Opens Backdoor on WooCommerce Sites

WooCommerce users are being targeted by a phishing scam in which downloading a fake “security patch” installs a plugin that grants persistent access to their sites.

#4 – Our blog: How to Easily Set Up Automatic WordPress Backups

WordPress sites change daily, making regular backups essential for security. Manual backups aren’t practical, but automation offers an easy, hands-off solution.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress