It’s not déjà vu – you really are seeing LiteSpeed, WPForms, and Ultimate Member in our ShieldNOTES yet again.
Ever heard of ShieldBACKUPS? It’s coming soon! And we share an article below on WordPress backups to show why it’s necessary.
#1 – Unpatched Popular Plugins at Risk
These plugins have no fix yet, putting up to 500,000+ sites at risk. Ensure yours is secure.
WordPress Review Plugin
Local File Inclusion; 8.8/10; Removed from wp.org; No fix; Remove or replace.
Ultimate Member Plugin
Arbitrary Code Execution; 5.5/10; No fix; Remove or replace.
Advanced File Manager Plugin
Broken Access Control; 5.3/10; No fix; Remove or replace.
Editor Comment
It’s worth taking a few minutes each week to perform a site review to catch issues early and, wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Patched Popular Plugins at Risk
These plugins power millions of sites—and that’s exactly why attackers love them. The risks are real, the exposure is massive, and the time to update is now.
Contact Form by WPForms Plugin
XSS; 6.5/10; Update to v1.9.5.1+
Jeg Elementor Kit Plugin
XSS; 6.5/10; Update to v2.6.13+
LiteSpeed Cache Plugin
SSRF; 6.4/10; Update to v7.1+
MailPoet Plugin
XSS; 5.9/10; Update to v5.5.2+
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd Plugin
Broken Access Control; 4.3/10; Update to v6.18.16+
#3 – High Security Risks in Less Popular Plugins
They’re not plugin celebrities, but they still bring some serious chaos. Time to fix what’s quietly breaking things.
Drag and Drop Multiple File Upload for WooCommerce Plugin
Arbitrary File Upload; 10/10; Update to v1.1.7+
Envolve Plugin
Arbitrary File Upload; 10/10; Update to v1.1.0+
IMITHEMES Listing Plugin
Privilege Escalation; 9.8/10; Update to v3.4+
Eventin Plugin
Privilege Escalation; 9.8/10; Update to v4.0.27+
SMS Alert Order Notifications – WooCommerce Plugin
SQL Injection; 9.3/10; No fix; Remove or replace.
BEAF Plugin
Arbitrary File Upload; 9.1/10; Update to v4.6.11+
#4 – Our blog: WordPress Database Backup & Recovery Guide
One buggy plugin or failed update can break your WordPress site in seconds. Relying on your host isn’t enough. Taking control with your own database backup is the only way to stay prepared when things go wrong.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress