Following a short pause, we’re back with critical WordPress security updates. This edition covers multiple popular plugin flaws—most notably, a sophisticated high-risk attack on the AI Engine plugin affecting thousands of sites.

100,000+ sites vulnerable with extremely high severity; attackers can upload any file.

AI Engine: ChatGPT Chatbot Plugin
Arbitrary File Upload; 9.9/10; Update to v2.9.5+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Millions use these plugins, making risk unavoidable. Stay safe—update.

Smart Slider 3 Plugin
SQL Injection; 7.6/10; Update to v3.5.1.29+

GiveWP Plugin
Sensitive Data Exposure; 7.5/10; Update to v4.6.1+

Elementor Website Builder Plugin
XSS; 6.5/10; Update to v3.30.3+

Metform Plugin
XSS; 6.5/10; Update to v4.0.2+

The Plus Addons for Elementor Page Builder Lite Plugin
XSS; 6.5/10; Update to v6.3.11+

Not in the spotlight, yet breaking thousands of sites. Time to patch these high-risk vulnerabilities.

BerqWP Plugin
Arbitrary File Upload; 10/10; Update to v2.2.44+

MediCenter – Health Medical Clinic Theme
PHP Object Injection; 9.8/10; Update to v15.2+

Service Finder SMS System Plugin
Privilege Escalation; 9.8/10; Update to v3.0.0+

MelaPress Login Security Plugin
Privilege Escalation; 9.8/10; Update to v2.2.0+

Geo Mashup Plugin
Local File Inclusion; 9.8/10; Update to v1.13.17+

GeoDirectory Plugin
SQL Injection; 9.3/10; Update to v2.8.98+

#4 – Our blog: Downgrade WordPress Plugins Without Breaking Your Site

WordPress updates can sometimes complicate things instead of simplifying them. Learn how to safely downgrade your WP core, plugins, and themes to get back on track, plus what to consider before hitting rewind.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress