This week sees vulnerabilities in several hugely popular plugins, including a sensitive data exposure vulnerability in the Otter Gutenberg block plugin.

From our blog, stay ready with the WordPress disaster recovery guide to help you bounce back if the worst happens.

Below are the exploited plugin vulnerabilities putting millions of sites at risk. Patch ASAP; don’t let yours be next.

Otter – Gutenberg Block Plugin
Sensitive Data Exposure; 7.5/10; Update to v3.1.1+

Beaver Builder Plugin
XSS; 7.1/10; Update to v2.9.3.1+

Slider Revolution Plugin
Arbitrary File Download; 6.5/10; Update to v6.7.37+

TablePress Plugin
XSS; 6.5/10; Update to v3.2.1+

Ocean Extra Plugin
XSS; 6.5/10; Update to v2.5.0+

Unlimited Elements For Elementor Plugin
XSS; 6.5/10; Update to v1.5.149+

All-in-One WP Migration Plugin
XSS; 5.9/10; Update to v7.98+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Not mainstream, but high severity—these are under active attack. Make sure they’re updated to reduce risk.

Pin WP Theme
Arbitrary File Upload; 9.9/10; Update to v7.2+

JS Archive List Plugin
SQL Injection; 9.3/10; Update to v6.1.6+

Dokan Pro Plugin
Privilege Escalation; 8.8/10; Update to v4.0.6+

#3 – Our blog: WordPress Disaster Recovery Without Downtime

Imagine a digital world where downtime is gone and recovery takes just a few clicks, with no data loss. Our WordPress disaster recovery guide goes beyond standard backups, getting you back online quickly without technical skills.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress