This week is busy for vulnerabilities – top plugins and themes hit, and almost everyone is likely affected by at least one. Plus, watch for warning signs and protect your WordPress site – read more below.
#1 – Security Risks in Popular Plugins & Themes
Millions of sites are at risk from this long list of plugins and themes, with PixelYourSite leading the pack at 500,000+ affected.
PixelYourSite – Your smart PIXEL (TAG) Manager Plugin
Local File Inclusion; 7.2/10; Update to v11.1.2+
The7 Theme
XSS; 6.5/10; Update to v12.9.2+
GenerateBlocks Plugin
Sensitive Data Exposure; 6.5/10; Update to v2.1.2+
ShopLentor Plugin
XSS; 6.5/10; Update to v3.2.5+
Real Cookie Banner Plugin
SSRF; 6.5/10; Update to v5.2.5+
Widget Options Plugin
XSS; 6.5/10; Update to v4.1.3+
Beaver Builder Plugin (Starter Version) Plugin
XSS; 6.5/10; Update to v2.9.3.1+
Genesis Framework Theme Plugin
XSS; 6.5/10; Update to v3.6.1+
Jeg Elementor Kit Plugin
XSS; 5.9/10; Update to v2.7.0+
Orbit Fox by ThemeIsle Plugin
SSRF; 5.5/10; Update to v3.0.2+
Tutor LMS Pro Plugin
IDOR; 5.4/10; Update to v3.9.0+
BackWPup Plugin
Broken Access Control; 5.3/10; Update to v5.5.1+
User Feedback Plugin
Broken Access Control; 5.3/10; Update to v1.9.0+
Element Pack Elementor Addons Plugin
SSFR; 5.0/10; Update to v8.2.6+
Password Protected Plugin
Bypass Vulnerability; 3.7/10; Update to v2.7.12+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins
Even with limited use, WooCommerce Designer Pro—with 10/10 severity and no fix—tops the list of these high-risk plugins.
WooCommerce Designer Pro Plugin
Arbitrary File Upload; 10/10; No fix; Remove/or replace.
Product Filter by WBW Plugin
SQL Injection; 9.3/10; Update to v2.9.8+
wpForo Forum Plugin
SQL Injection; 9.3/10; Update to v2.4.9+
WP Full Stripe Free Plugin
SQL Injection; 9.3/10; Update to v8.3.2+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Our blog: Top 6 WordPress Attacks and How to Protect Your Site
WordPress security is crucial to prevent data leaks, legal issues, and reputation damage.
Explore the 6 most common WordPress attack types and their underlying vulnerabilities, including practical steps to strengthen your site’s protection against growing threats.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
