Security never sleeps, and this week proves it. Multiple WordPress vulnerabilities surfaced across high-profile plugins, putting millions of sites at risk.
Since CSRF attacks often remain overlooked, catch them before they cause any damage (see below).
#1 – Security Risks in Popular Plugins
From top plugins to critical frameworks, millions of sites face exposure; Redux Framework alone impacts over 1 million sites.
| Plugin | Vulnerability | Severity | Fix |
| --- | --- | --- | --- |
| Redux Framework | XSS | 6.5/10 | Update to v4.5.9+ |
| Popup Builder | XSS | 6.5/10 | Update to v4.4.2+ |
| a3 Lazy Load | XSS | 6.5/10 | Update to v2.7.6+ |
| Colibri Page Builder | XSS | 6.5/10 | Update to v1.0.342+ |
| YITH WooCommerce Quick View | XSS | 6.5/10 | Update to v2.7.1+ |
| MailerLite – Signup Forms | XSS | 5.9/10 | Update to v1.7.17+ |
| TI WooCommerce Wishlist | Content Injection | 5.3/10 | Update to v2.11.0+ |
| GenerateBlocks | Sensitive Data Exposure | 4.3/10 | Update to v2.2.0+ |
| ProfilePress | Content Injection | 4.3/10 | Update to v4.16.8+ |
Editor Comment
It’s worth taking a few minutes each week to perform a site review to catch issues early, and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins
Even the ‘quiet’ plugins, like the ones below, are risky, with 120,000+ sites under serious exposure.
| Plugin | Vulnerability | Severity | Fix |
| --- | --- | --- | --- |
| Elated Membership | Broken Authentication | 9.8/10 | Update to v1.3+ |
| Funnel Builder by FunnelKit | SQL Injection | 9.3/10 | Update to v3.13.1.6+ |
| WP Webhooks | Arbitrary File Upload | 9.0/10 | Update to v3.3.9+ |
| List Category Posts | SQL Injection | 8.5/10 | Update to v0.92.0+ |
#3 – Our blog: Detecting and Preventing WordPress CSRF Vulnerabilities
WordPress CSRF vulnerabilities are frequently ignored and can allow attackers to perform admin actions without detection. From missing anti-CSRF tokens to broken nonce implementations, even small mistakes can completely undermine protection. We explain how to identify, test, and properly fix CSRF issues with practical, auditable solutions.
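As an added illustration of the two failure modes named above (a missing anti-CSRF token and a nonce that is emitted but never actually verified), here is a settings handler for a hypothetical plugin, first in its exposed form and then hardened with a WordPress nonce plus a capability check. This is example code written for this newsletter, not Shield's own code; the plugin name, option name and hook names are made up, and it assumes it runs inside WordPress where wp_nonce_field, wp_verify_nonce, current_user_can and related core functions exist.

```php
<?php
// Example only (not Shield's code). Hypothetical plugin "myplugin";
// all names below are assumptions. Requires a WordPress runtime.

// BEFORE (do not hook this): nothing ties the request to the admin's intent,
// so any page the logged-in admin visits can submit this form for them.
// The same weakness appears when code only checks isset($_POST['_wpnonce'])
// or calls wp_verify_nonce() and ignores its return value.
function myplugin_save_vulnerable() {
    update_option( 'myplugin_redirect_url', $_POST['redirect_url'] );
    wp_safe_redirect( admin_url( 'admin.php?page=myplugin' ) );
    exit;
}

// Form side: emit a nonce bound to one specific action string.
function myplugin_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="myplugin_save">';
    wp_nonce_field( 'myplugin_save_settings', 'myplugin_nonce' );
    echo '<input name="redirect_url" type="url">';
    submit_button( 'Save' );
    echo '</form>';
}

// AFTER: verify the nonce for this exact action AND check capability.
// A nonce proves the request came from the admin's own form; it is not
// an authorization check, so current_user_can() is still required.
add_action( 'admin_post_myplugin_save', 'myplugin_save_hardened' );
function myplugin_save_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }
    $nonce = isset( $_POST['myplugin_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_nonce'] ) )
        : '';
    // wp_verify_nonce() returns 1 or 2 on success and false on failure;
    // test the return value explicitly rather than merely calling it.
    if ( false === wp_verify_nonce( $nonce, 'myplugin_save_settings' ) ) {
        wp_die( 'Security check failed', '', array( 'response' => 403 ) );
    }
    $url = isset( $_POST['redirect_url'] )
        ? esc_url_raw( wp_unslash( $_POST['redirect_url'] ) )
        : '';
    update_option( 'myplugin_redirect_url', $url );
    wp_safe_redirect( admin_url( 'admin.php?page=myplugin' ) );
    exit;
}
```

When auditing, grep every admin_post_*, wp_ajax_* and REST callback for a wp_verify_nonce / check_admin_referer / check_ajax_referer call whose result actually gates the state change, and confirm the action string matches the one used in wp_nonce_field.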
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress