This week, we spotlight security risks in widely used WordPress plugins, including a recurring LiteSpeed Cache vulnerability affecting millions, and the critical 9.3/10 HUSKY plugin flaw.
Due to rising requests for help with preventing spam user registrations, we’re re-sharing our proven solutions from our blog.
#1 – Higher Security Risks in Popular Plugins
Serious vulnerabilities in these plugins are being actively exploited, impacting more than a million sites.
HUSKY Plugin
SQL Injection; 9.3/10; Update to v1.3.7.2+
Polylang Plugin
Deserialization of untrusted data; 8.8/10; Update to v3.7.4+
Editor Comment
It’s worth taking a few minutes each week to review your sites so you catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Lower Security Risks in Popular Plugins
These vulnerabilities may not be high-severity, but they impact over 15 million sites and require immediate attention.
LiteSpeed Cache Plugin
XSS; 7.1/10; Update to v7.6+
Anti-Malware Security and Brute-Force Firewall Plugin
Arbitrary File Download; 6.5/10; Update to v4.23.83+
WooCommerce Plugin
XSS; 5.9/10; Update to v10.0.3+
The Events Calendar Plugin
Broken Access Control; 4.3/10; Update to v6.15.10+
Call Now Button Plugin
Broken Access Control; 4.3/10; Update to v1.5.5+
Advanced Database Cleaner Plugin
CSRF; 4.3/10; Update to v3.1.7+
#3 – High Security Risks in Less Popular Plugins and Themes
Despite their lower popularity, this plugin and theme still pose critical risks to sites.
King Addons for Elementor Plugin
Arbitrary File Upload/Privilege Escalation via Registration Endpoint; 9.8/10; Update to v51.1.37+
Jobmonster Theme
Broken Authentication; 9.8/10; Update to v4.8.2+
#4 – Our blog: Prevent Spam User Registration in WordPress
WordPress is a prime target for spammers, and fake registrations can overwhelm your site, impacting performance, analytics, and security. With the right tools and strategies, you can block spam and keep your site running smoothly.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress