SureTriggers is back on the high-risk radar after a quiet week, with other plugins on the horizon. For those dealing with disabling WordPress pingbacks, don’t miss our blog for the full guide.
#1 – Security Risks in Popular Plugins
Top plugins, top risks—make sure you’re using the latest version.
SureTriggers Plugin
Privilege Escalation; 9.8/10; Update to v1.0.83+
Multilingual CMS Plugin
XSS; 6.5/10; Update to v4.7.4+
SureForms Plugin
XSS; 5.9/10; Update to v1.4.4+
WP Statistics Plugin
Broken Access Control; 5.4/10; Update to v14.13.4+
Editor Comment
It’s worth taking a few minutes each week to review your sites to catch issues early and, wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins
Fewer users, yet bigger risks—don’t overlook these plugins.
OTP-less one tap Sign in Plugin
Privilege Escalation; 9.8/10; Removed from wp.org; No fix; Remove or replace.
Ads Pro Plugin
SQL Injection; 9.3/10; Update to v4.89+
Ultimate Auction Pro Plugin
SQL Injection; 9.3/10; Update to v1.5.3+
Advance Seat Reservation Management for WooCommerce Plugin
SQL Injection; 9.3/10; Update to v3.4+
#3 – Our blog: Disable Pingbacks on WordPress
Pingbacks might seem easy to turn off, but WordPress doesn’t fully disable them by default. That leaves your site open to attacks. We guide you through a simple shutdown.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress