Another week brings more vulnerabilities in popular plugins, including three of extremely high severity. With so many sites at risk, our blog guides you through a fast, complete security setup. (see more below)

These plugins carry extremely high risk across 2+ million installations—take action now to secure your site.

SureMail Plugin
Arbitrary File Upload; 10/10; Update to v1.9.1+

Advanced Custom Fields: Extended Plugin
RCE; 10/10; Update to v0.9.2+

Starter Templates Plugin
Arbitrary File Upload; 9.1/10; Update to v4.4.42+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

With 4+ million sites relying on them, these plugins create serious exposure. Update yours to ensure your site is protected.

Backup Migration Plugin
Broken Access Control; 7.5/10; Update to v2.0.0+

Widgets for Google Reviews Plugin
XSS; 7.1/10; Update to v13.2.5+

Kadence WooCommerce Email Designer Plugin
XSS; 7.1/10; Update to v1.5.18+

Rich Shortcodes for Google Reviews Plugin
XSS; 7.1/10; Update to v6.8.1+

Modula Image Gallery Plugin
Arbitrary File Deletion; 6.8/10; Update to v2.13.3+

Autoptimize Plugin
XSS; 6.5/10; Update to v3.1.14+

FluentForm Plugin
IDOR; 6.5/10; Update to v6.1.8+

Post SMTP Plugin
Broken Access Control; 5.4/10; Update to v3.6.2+

Beaver Builder Plugin
Broken Access Control; 5.4/10; Update to v2.9.4.1+

Custom Post Type UI Plugin
Broken Access Control; 4.8/10; Update to v1.18.1+

HUSKY Plugin
IDOR; 4.3/10; Update to v1.3.7.3+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Not flashy, but far from harmless—these plugins are causing trouble. Update to restore order.

Frontend Admin by DynamiApps Plugin
Privilege Escalation; 9.8/10; Update to v3.28.21+

StreamTube Core Plugin
Broken Authentication; 9.8/10; Update to v4.79+

10Web Booster Plugin
Arbitrary File Deletion; 9.6/10; Update to v2.32.11+

All-in-One Video Gallery Plugin
Arbitrary File Upload; 9.1/10; Update to v4.6.4+

Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

#4 – Our blog: WP Security Plugin Configuration from Install to Full Protection

Securing your WordPress site doesn’t need to be complicated. One well-configured plugin, daily backups, and smart automation can protect you better than stacks of tools.

Protect your site once and for all – in under 30 minutes.

More Info →

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress