We’ve got ongoing Elementor security issues this week, new AI moves from WordPress, and WCEU is right around the corner.
#1 – Security Risks in Popular Plugins
Though not critical, these plugins still require urgent patches to stop malicious code injections.
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
XSS; 6.5/10; Update to v6.9.1+
Royal Elementor Addons Plugin
XSS; 6.5/10; Update to v1.7.1021+
Element Pack Elementor Addons Plugin
XSS; 6.5/10; Update to v5.11.3+
The Plus Addons for Elementor Page Builder Lite Plugin
XSS; 6.5/10; Update to v6.2.8+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins and Themes
Even with limited reach, these plugins and theme carry high risk—one remains exposed.
MasterStudy LMS Pro Plugin
Arbitrary File Upload; 9.9/10; Update to v4.7.1+
Course Builder Theme
PHP Object Injection; 9.8/10; Update to v3.6.6+
WBW Product Table Pro Plugin
SQL Injection; 9.3/10; No fix; Remove/or replace.
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – WordPress Begins Formal AI Initiative
As interest in artificial intelligence continues to grow, WordPress is taking a more active role by forming a team to support related development within its community.
#4 – Our blog: Prevent and Detect WordPress Theme Hacks
WordPress themes can pose serious security risks that often go unnoticed. Outdated or poorly maintained themes make sites vulnerable to hidden attacks, which can damage traffic, SEO, and user trust. Detecting and preventing these breaches early is vital to protect your site.
#5 – WordCamp Europe 2025
Date: 5-7 June 2025
Location: Basel, Switzerland
WCEU is always filled with activity, and the 2025 edition in Basel promises the same dynamic energy. Over three full days, attendees can look forward to insightful talks from industry leaders, hands-on workshops, and countless opportunities to connect with fellow WordPress enthusiasts from around the world.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress