A newly reported XSS vulnerability in Yoast SEO Pro, along with a LatePoint plugin flaw rated 8.8/10 in severity, threatens tens of millions of WordPress sites.
If your site ever crashes, our database repair and recovery guide can help you get back online in no time.
#1 – Security Risks in Popular Plugins
Keep your site in top shape by updating these widely-used plugins with known issues.
LatePoint Plugin
CSRF; 8.8/10; Update to v5.2.0+
Schema & Structured Data for WP & AMP Plugin
XSS; 7.1/10; Update to v1.50+
Yoast SEO Premium Plugin
XSS; 6.5/10; Update to v26.0+
GiveWP Plugin
Broken Access Control; 6.5/10; Update to v4.10.1+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins
These plugins are less widely used, but the flaws are high severity: 4 of 6 are unpatched and have been removed from the WP repo, posing serious risk.
WPRecovery Plugin
SQL Injection; 10/10; Removed from wp.org; No fix; Remove or replace.
Post By Email Plugin
Arbitrary File Upload; 10/10; Removed from wp.org; No fix; Remove or replace.
WP Dispatcher Plugin
Arbitrary File Upload; 9.9/10; Removed from wp.org; No fix; Remove or replace.
OAuth Single Sign On – SSO (OAuth Client) Plugin
Privilege Escalation; 9.8/10; Update to v6.26.13+
Appy Pie Connect for WooCommerce Plugin
Privilege Escalation; 9.8/10; Removed from wp.org; No fix; Remove or replace.
AffiliateWP Plugin
SQL Injection; 9.3/10; Update to v2.29.0+
#3 – Our blog: WordPress Database Repair and Recovery Guide
A healthy WordPress database is key to a fast, stable site. When it becomes slow or corrupted, performance and reliability suffer — but fixing it is easier than you might think.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress