Even minor issues in widely used WordPress plugins like Elementor or ProfilePress can have a big impact. Stay informed with this selection and follow our staging site guide to create a safe testing environment.
#1 – Security Risks in Popular Plugins
Minor issues aside, these widely used plugins should remain on your radar.
Essential Addons for Elementor Plugin
XSS; 6.5/10; Update to v6.2.3+
The Plus Addons for Elementor Page Builder Lite Plugin
Broken Access Control; 6.5/10; Update to v6.3.14+
ProfilePress Plugin
Content Injection; 6.5/10; Update to v4.16.5+
WP Statistics Plugin
Broken Access Control; 4.3/10; Update to v14.15.2+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins
Security concerns are high for these plugins, especially the 2 that remain open.
Bit Form – Contact Form Plugin
Arbitrary File Upload; 10/10; Update to v2.20.4+
StoryChief Plugin
Arbitrary File Upload; 10/10; Removed from wp.org; No fix; Remove or replace.
School Management Plugin
SQL Injection; 9.3/10; Removed from wp.org; No fix; Remove or replace.
Dynamic Pricing With Discount Rules for WooCommerce Plugin
Arbitrary Code Execution; 9.1/10; Update to v4.5.10+
Online Booking & Scheduling Calendar for WordPress by Vcita Plugin
Arbitrary File Upload; 9.1/10; Update to v4.5.5+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Our blog: Create a WordPress Staging Site Step by Step
A WordPress staging site lets you safely test updates and design tweaks without risking your live site. It protects you from bugs, broken features, and costly downtime.
Easy to use, it’s a must-have tool for anyone serious about running a smooth site.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress