Familiar names, fresh threats. Many heavy hitters are back on our security radar! Browse this security overview and access the playbook to protect your site from Elementor vulnerabilities.
๐ If we miss you before the holidays, we wish a Merry Christmas to all who celebrate, and a bright, healthy, and prosperous 2026 to everyone! ๐
#1 โ Security Risks in Popular Plugins
With so many sites impacted, these plugins carry serious security risks, including recurring vulnerabilities in Gutenberg, Ultimate Member, Ninja Forms, and Husky. Address them without delay.
NextGEN Gallery Plugin
Local File Inclusion; 8.8/10; Update to v4.0.0+
Ninja Forms Plugin
Sensitive Data Exposure; 7.5/10; Update to v3.13.3+
Ultimate Member Plugin
XSS; 6.5/10; Update to v2.11.1+
FiboSearch โ Ajax Search for WooCommerce Plugin
XSS; 6.5/10; Update to v1.32.1+
Login Lockdown Plugin
Bypass Vulnerability; 5.3/10; Update to v2.15+
Essential Blocks for Gutenberg Plugin
Broken Access Control; 4.3/10; Update to v5.7.3+
Converter for Media Plugin
Broken Access Control; 4.3/10; Update to v6.4.0+
Filebird Plugin
Broken Access Control; 4.3/10; Update to v6.5.2+
HUSKY Plugin
IDOR; 4.3/10; Update to v1.3.7.4+
Post Expirator Plugin
Broken Access Control; 4.3/10; Update to v4.9.3+
Editor Comment
Itโs worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPROโs auto-upgrade feature for vulnerable plugins.
#2 โ Elementor Security Risks
These recurring flaws put over 13 million sites at risk. Ensure your Elementor setup is fully secured and updated.
Elementor Website Builder Plugin
XSS; 6.5/10; Update to v3.33.4+
Essential Addons for Elementor Plugin
XSS; 6.5/10; Update to v6.5.4+
Elementor Addon Elements Plugin
XSS; 6.5/10; Update to v1.14.4+
Royal Elementor Addons Plugin
Broken Access Control; 5.3/10; Update to v1.7.1037+
Prime Slider โ Addons For Elementor Plugin
SSRF; 4.3/10; Update to v4.1.0+
Editor Comment
Itโs worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPROโs auto-upgrade feature for vulnerable plugins.
#3 โ High Security Risks in Less Popular Plugins
These plugins are a security nightmare, particularly the first on the list that remain unaddressed.
WP3D Model Import Viewer Plugin
Arbitrary File Upload; 9.9/10; No fix; Remove/or replace.
Export WP Page to Static HTML/CSS Plugin
Sensitive Data Exposured; 9.8/10; Update to v5.0.0+
Booking Calendar Plugin
SQL Injection; 9.3/10; Update to v10.14.9+
wpForo Forum Plugin
SQL Injection; 9.3/10; Update to v2.4.13+
Filter & Grids Plugin
SQL Injection; 9.3/10; Update to v3.2.1+
Editor Comment
Itโs worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPROโs auto-upgrade feature for vulnerable plugins.
#4 โ Our blog: Elementor Vulnerabilities & Security Strategies
Elementor is one of the most widely used WordPress page builders, powering over 10 million sites worldwide. Its popularity also makes it a common target for attacks, which is why proactive security is necessary. Relying on updates alone is not enough to keep your site protected.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
