Millions of WordPress sites are under attack thanks to weak spots in popular plugins and a theme, and now the Efimer Trojan malware is joining the fight. Stay ahead with our roundup and WooCommerce safety guide.

7+ million sites rely on these plugins and this theme, and their popularity turns them into hacker magnets. Even if the risks seem small, ignoring them invites trouble.

Filebird Plugin
SQL Injection; 8.5/10; Update to v6.4.9+

WPBakery Page Builder Plugin
XSS; 6.5/10; Update to v8.6+

Betheme Theme
XSS; 6.5/10; Update to v28.1.4+

Element Pack Elementor Addons Plugin
XSS; 6.5/10; Update to v8.1.6+

Simple Local Avatars Plugin
Broken Access Control; 4.3/10; Update to v2.8.5+

Advanced Custom Fields (ACF) Plugin
RCE; 3.8/10; Update to v3.5.2+

Editor Comment
It’s worth taking a few minutes each week to perform a site review to catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These plugins are not as widespread, but when their vulnerabilities are exploited they cause major damage. One in particular is a high-risk threat thanks to unpatched flaws.

WP Import Export Lite Plugin
Arbitrary File Upload; 9.9/10; Update to v3.9.30+

Brave Conversion Engine Pro Plugin
Broken Authentication; 9.8/10; Update to v0.8.0+

CleverReach® WP Plugin
SQL Injection; 9.3/10; Removed from wp.org; No fix; Remove or replace.

Easy Form Builder Plugin
SQL Injection; 9.3/10; Update to v3.8.16+

MapSVG Plugin
SQL Injection; 9.3/10; Update to v8.7.4+

#3 – New Trojan Targets WordPress Sites

Efimer Trojan steals crypto wallets and infects WordPress sites to spread malware. It targets users through fake torrents and phishing emails. Infection happens when malicious files are run.

Protect yourself by avoiding suspicious downloads, verifying emails, and keeping security software updated. WP admins should enforce strong security measures and monitor sites regularly.

#4 – Our blog: Protect WooCommerce from Hacking Attempts

WooCommerce stores are vulnerable to attacks like cross-site scripting, code injection, brute-force attempts, and file deletion. We provide practical tips to help you identify threats early and keep your store secure.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress