Even widely used WordPress plugins and themes aren’t immune to recurring vulnerabilities — one affects over 2 million installs. Updating regularly is critical, and our blog archive provides tips to keep your plugins in check.

Lower-severity flaws may sound harmless, but when a plugin runs on millions of sites, like an Elementor addon, it becomes a high-profile target for attackers. Keep the plugins and theme below updated.

Responsive Lightbox Plugin
XSS; 7.1/10; Update to v2.5.3+

Enable Media Replace Plugin
XSS; 6.5/10; Update to v4.1.7+

Blocksy Companion Plugin
XSS; 6.5/10; Update to v2.1.15+

Betheme Theme
XSS; 6.5/10; Update to v28.1.7+

Colibri Page Builder Plugin
XSS; 6.5/10; Update to v1.0.335+

Ultimate Addons for Elementor – Lite Plugin
XSS; 5.9/10; Update to v2.5.0+

The Plus Addons for Elementor Page Builder Lite Plugin
XSS; 5.9/10; Update to v6.3.16+

WP Reset Plugin
Sensitive Data Exposure; 5.3/10; Update to v2.06+

WPC Smart Wishlist for WooCommerce Plugin
IDOR; 5.3/10; Update to v5.0.4+

WP Go Maps Plugin
CSRF; 4.3/10; Update to v9.0.47+

Editor Comment
It’s worth taking a few minutes each week to perform a site review to catch issues early and, wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Millions use some, hundreds use others — but even a small plugin or theme can open your site to attacks. Patching is crucial.

Ovatheme Events Manager Plugin
Arbitrary File Upload; 10/10; Update to v1.8.6+

Service Finder Booking Plugin
Broken Authentication; 9.8/10; Update to v6.1+

WP Freeio Plugin
Privilege Escalation; 9.8/10; Update to v1.2.22+

Search & Go Theme
Privilege Escalation; 9.8/10; Update to v2.8+

PopupKit Plugin
SQL Injection; 9.3/10; Update to v2.1.4+

#3 – Our blog: Efficient Plugins, Faster & Secure WordPress

Selecting the right plugins determines how fast, stable, and user-friendly your WordPress site feels. Add-ons like Elementor or WooCommerce can boost results when maintained properly. Regular monitoring preserves performance and prevents conflicts.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress