Critical attacks continue to target multiple popular plugins, including Code Snippets, affecting millions of sites, while W3 Total Cache and Gravity Forms are hit hardest with a 9/10 threat level. Plus, see our blog post below for ways to make your WordPress site harder to detect and keep it safe from potential exploits.
#1 – High Security Risks in Popular Plugins
With high-risk vulnerabilities in these plugins, we’re flagging them first. Check that you’ve updated to the latest version.
W3 Total Cache Plugin
RCE; 9.0/10; Update to v2.8.13+
Gravity Forms Plugin
Arbitrary File Upload; 9.0/10; Update to v2.9.22+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Lower Security Risks in Popular Plugins
Given that millions of sites worldwide depend on these plugins, they present notable risks. Their popularity naturally draws more attacks. Stay safe—update.
Code Snippets Plugin
RCE; 8.5/10; Update to v3.9.2+
WP Go Maps Plugin
XSS; 7.1/10; Update to v9.0.48+
GiveWP Plugin
XSS; 7.1/10; Update to v4.13.1+
Royal Elementor Addons Plugin
XSS; 6.5/10; Update to v1.7.1032+
Element Pack Elementor Addons Plugin
XSS; 6.5/10; Update to v8.3.5+
Broken Link Checker Plugin
Broken Access Control; 5.4/10; Update to v1.2.6+
Post Type Switcher Plugin
IDOR; 5.4/10; Update to v4.0.1+
Responsive Lightbox Plugin
SSRF; 5.4/10; Update to v2.5.4+
YITH WooCommerce Wishlist Plugin
Broken Access Control; 5.3/10; Update to v4.10.1+
SiteSEO Plugin
Broken Authentication; 5.3/10; Update to v1.3.3+
LearnPress Plugin
Broken Access Control; 5.3/10; Update to v4.3.0+
Post Expirator Plugin
Broken Access Control; 3.8/10; Update to v4.9.2+
#3 – High Security Risks in Less Popular Plugins
Not popular, not harmless—these plugins bring surprisingly big security threats.
Vitepos Plugin
Arbitrary File Upload; 9.9/10; Update to v3.3.1+
Mstore Mobile App Plugin
Privilege Escalation; 9.8/10; No fix; Remove or replace.
Zegen Core Plugin
CSRF; 9.6/10; Update to v2.0.2+
Amelia Plugin
SQL Injection; 9.3/10; Update to v1.2.36+
WP Directory Kit Plugin
SQL Injection; 9.3/10; Update to v1.4.4+
#4 – Our blog: Make Your WordPress Site Harder to Detect
It’s natural to want extra protection by hiding your WordPress version, but it’s not enough, as hackers can still detect weaknesses.
Forget shortcuts—learn genuine security methods to keep your site hidden and fully protected.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress