This week sees several hugely popular plugins with vulnerabilities, including a sensitive data exposure vulnerability in the Gutenberg block plugin.
From our blog, stay ready with the WordPress disaster recovery guide to help you bounce back if the worst happens.
#1 – Security Risks in Popular Plugins and Themes
These plugins and themes, used by millions, have vulnerabilities that hackers love—patch yours before you become the next target.
FluentForm Plugin
PHP Object Injection; 6.5/10; Update to v6.1.2+
Flatsome Theme
XSS; 6.5/10; Update to v3.20.1+
AI Engine: ChatGPT Chatbot Plugin
Broken Access Control; 6.5/10; Update to v2.9.6+
Content Views Plugin
XSS; 6.5/10; Update to v4.2+
Admin Menu Editor Plugin
XSS; 5.9/10; Update to v1.14.1+
OceanWP Theme
Settings Change; 5.4/10; Update to v4.1.2+
Post SMTP Plugin
Broken Access Control; 4.3/10; Update to v3.4.2+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins and Themes
Under the radar, over the threat—these plugins and theme are being exploited in real time. Don’t leave your site exposed.
Quiz And Survey Master Plugin
PHP Object Injection; 9.8/10; Update to v10.2.6+
AdForest Theme
Broken Authentication; 9.8/10; Update to v6.0.10+
UsersWP Plugin
SQL Injection; 9.3/10; Update to v1.2.45+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – WordPress Debuts Telex, AI to Simplify Web Design
WordPress introduced Telex, an experimental AI tool, at WordCamp US 2025, presented by CEO Matt Mullenweg.
Using prompts, it can generate modular site components like Gutenberg blocks and simple animations.
Still in early development, this prototype delivers mixed results but aims to simplify web creation for users of all skill levels.
#4 – Our blog: How to Set Up WordPress Site Backups
A WordPress backup is your safety net against mistakes, failed updates, or attacks. When the unexpected happens, you can hit restore and keep moving.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress