A newly reported XSS vulnerability in Yoast SEO Pro, along with a LatePoint plugin flaw rated 8.8/10 in severity, threatens tens of millions of WordPress sites.

If your site ever crashes, our database repair and recovery guide can help you get back online in no time.

Keep your site in top shape by updating these widely-used plugins with known issues.

LatePoint Plugin
CSRF; 8.8/10; Update to v5.2.0+

Schema & Structured Data for WP & AMP Plugin
XSS; 7.1/10; Update to v1.50+

Yoast SEO Premium Plugin
XSS; 6.5/10; Update to v26.0+

GiveWP Plugin
Broken Access Control; 6.5/10; Update to v4.10.1+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

These plugins are not commonly used, but the flaws are high severity: 4 of 6 are unpatched and have been removed from the WP repo, posing serious risk.

WPRecovery Plugin
SQL Injection; 10/10; Removed from wp.org; No fix; Remove or replace.

Post By Email Plugin
Arbitrary File Upload; 10/10; Removed from wp.org; No fix; Remove or replace.

WP Dispatcher Plugin
Arbitrary File Upload; 9.9/10; Removed from wp.org; No fix; Remove or replace.

OAuth Single Sign On – SSO (OAuth Client) Plugin
Privilege Escalation; 9.8/10; Update to v6.26.13+

Appy Pie Connect for WooCommerce Plugin
Privilege Escalation; 9.8/10; Removed from wp.org; No fix; Remove or replace.

AffiliateWP Plugin
SQL Injection; 9.3/10; Update to v2.29.0+

#3 – Our blog: WordPress Database Repair and Recovery Guide

A healthy WordPress database is key to a fast, stable site. When it becomes slow or corrupted, performance and reliability suffer — but fixing it is easier than you might think.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress