High-risk vulnerabilities hit Ninja Forms and The Events Calendar, impacting more than a million sites, with several other widely-used plugins close behind.

Stay protected and preserve your tweaks with our safe theme update strategies. (see below)

Over 1.3 million sites are vulnerable with extremely high-severity risk. Update these plugins ASAP.

Ninja Forms Plugin
PHP Object Injection; 9.8/10; Update to v3.11.1+

The Events Calendar Plugin
SQL Injection; 9.3/10; Update to v6.15.1.1+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These plugins power 400,000+ sites, putting many at risk. Update yours.

Tutor LMS Plugin
SQL Injection; 7.6/10; Update to v3.8.0+

WP All Import Plugin
Arbitrary File Upload; 7.2/10; Update to v3.9.4+

ShopLentor Plugin
XSS; 6.5/10; Update to v3.2.1+

NitroPack Plugin
Broken Access Control; 5.4/10; Update to v1.18.5+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Hidden from the spotlight but critical—one theme vulnerability scores 10/10 and remains unpatched.

Doccure Theme
Arbitrary File Upload; 10/10; No fix; Remove/or replace.

Mow Theme
CSRF; 9.6/10; Update to v4.11+

Responsive Filterable Portfolio Plugin
Arbitrary File Upload; 9.1/10; Update to v1.0.25+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#4 – Our blog: How to Update WordPress Theme Without Losing Changes

Updating your WordPress theme doesn’t have to mean losing your hard work. With the right strategy, your site can stay compatible, fast, and bug-free while preserving all your customisations.

More Info →

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress