This week sees vulnerabilities in several hugely popular plugins, including a sensitive data exposure vulnerability in the Otter Gutenberg block plugin.
From our blog, stay ready with the WordPress disaster recovery guide to help you bounce back if the worst happens.
#1 – Security Risks in Popular Plugins
Below are the exploited plugin vulnerabilities putting millions of sites at risk. Patch ASAP; don’t let yours be next.
Otter – Gutenberg Block Plugin
Sensitive Data Exposure; 7.5/10; Update to v3.1.1+
Beaver Builder Plugin
XSS; 7.1/10; Update to v2.9.3.1+
Slider Revolution Plugin
Arbitrary File Download; 6.5/10; Update to v6.7.37+
TablePress Plugin
XSS; 6.5/10; Update to v3.2.1+
Ocean Extra Plugin
XSS; 6.5/10; Update to v2.5.0+
Unlimited Elements For Elementor Plugin
XSS; 6.5/10; Update to v1.5.149+
All-in-One WP Migration Plugin
XSS; 5.9/10; Update to v7.98+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins
Not mainstream, but high severity—these are under active attack. Make sure they’re updated to reduce risk.
Pin WP Theme
Arbitrary File Upload; 9.9/10; Update to v7.2+
JS Archive List Plugin
SQL Injection; 9.3/10; Update to v6.1.6+
Dokan Pro Plugin
Privilege Escalation; 8.8/10; Update to v4.0.6+
#3 – Our blog: WordPress Disaster Recovery Without Downtime
Imagine a digital world where downtime is gone and recovery takes just a few clicks, with no data loss. Our WordPress disaster recovery guide goes beyond standard backups, getting you back online quickly without technical skills.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress