It’s been a hectic week in WordPress security, with several top plugins flagged—TI WooCommerce Wishlist scoring a critical 10/10 and no patch in sight.

We’ve released ShieldBACKUPS, and you can also check out our blog about the benefits of regular updates and safe update practices.

#1 – ShieldBACKUPS (beta) is here!

We’re excited to announce the launch of ShieldBACKUPS, the newest addition to our family! ShieldBACKUPS delivers secure, automated, and truly stress-free WordPress backups, giving peace of mind that your site data is safe.

Unlike traditional solutions, ShieldBACKUPS stores your site data independently of your web host, ensuring backups stay safe, no matter what.

There’s no need to configure cloud providers – ShieldBACKUPS handles everything for you, storage included. If disaster strikes and you need to restore, just download a zip file containing all your site data – simple! ShieldBACKUPS is available now for all Shield PRO Plus customers.


100,000+ sites vulnerable with highest severity; attackers can upload any file, no patch yet.

TI WooCommerce Wishlist Plugin
Arbitrary File Upload; 10/10; No fix; Remove or replace.

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

WooCommerce, Jetpack, and other plugins below are vulnerable to XSS attacks, putting millions of sites at risk.

Update ASAP to avoid potential risks.

WooCommerce Plugin
XSS; 7.1/10; Update to v9.3.4+

Jetpack Plugin
XSS; 6.5/10; Update to v13.8+

Jetpack Boost Plugin
XSS; 6.5/10; Update to v3.4.8+

TablePress Plugin
XSS; 6.5/10; Update to v3.1.3+

The Events Calendar Plugin
XSS; 5.9/10; Update to v6.6.4+

PageLayer Plugin
XSS; 5.9/10; Update to v1.9.0+

Photo Gallery by 10Web Plugin
XSS; 5.9/10; Update to v1.8.29+

Everest Forms Plugin
XSS; 5.9/10; Update to v3.0.3.1+

Hustle Plugin
XSS; 5.9/10; Update to v7.8.5+

WP Content Copy Protection & No Right Click (premium) Plugin
XSS; 5.9/10; Update to v15.3+

Tracking Code Manager Plugin
XSS; 5.9/10; Update to v2.3.0+

Not as widely used, but these plugins are facing highly severe exploits—most with no fix yet.

Crawlomatic Multisite Scraper Post Generator Plugin
Arbitrary File Upload; 10/10; Update to v2.6.8.2+

Echo RSS Feed Post Generator Plugin
Arbitrary File Upload; 10/10; Update to v5.4.8.2+

WordPress Events Calendar Registration & Tickets Plugin
PHP Object Injection; 9.8/10; No fix; Remove or replace.

WPBot Pro WordPress Chatbot Plugin
PHP Object Injection; 9.8/10; No fix; Remove or replace.

Digits Plugin
Privilege Escalation; 9.8/10; Update to v8.4.6.1+

ImageMagick Engine Plugin
RCE; 9.3/10; Update to v1.7.11+

Eventer Plugin
SQL Injection; 9.3/10; No fix; Remove or replace.

#5 – Our blog: Updating WordPress Safely Made Easy

Putting off WordPress updates might seem harmless—until your site slows down, breaks, or gets hacked. Regular updates mean fewer surprises down the road and keep your site fresh and running smoothly.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress