Vulnerabilities in popular WordPress plugins are putting countless sites across the web in danger this week.

Our latest blog shares the story of how your backup can turn against you and what you can do about it.

Even minor flaws in widely used plugins and themes can be risky, as attackers often focus on the most popular targets. Stay safe—update.

Download Manager Plugin
XSS; 7.1/10; Update to v3.3.24+

Blocksy Companion Plugin
XSS; 6.5/10; Update to v2.1.11+

Kubio AI Page Builder Plugin
Broken Access Control; 5.4/10; Update to v2.6.5+

Sydney Theme
Broken Access Control; 5.4/10; Update to v2.57+

SureForms Plugin
Broken Access Control; 4.3/10; Update to v1.12.1+

Editor Comment
It’s worth taking a few minutes each week to perform a site review to catch issues early and, wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Limited use, significant threat—be aware of these high-risk plugins.

WP Ultimate CSV Importer Plugin
RCE; 9.9/10; Update to v7.29+

Service Finder Booking Plugin
Privilege Escalation; 9.8/10; No fix; Remove or replace.

Quiz Maker Plugin
SQL Injection; 9.3/10; Update to v6.7.0.57+

#3 – Our blog: The Night Sarah’s Backups Turned Against Her

WordPress backup plugins store Google Drive credentials in your database. Learn why this security flaw means one hack can destroy both your site and backups.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress