Recent exploits are circulating across millions of WordPress sites, and yours may be affected. Explore which plugins need review and how to stop comment spam without blocking real users.

Although these plugins have not triggered urgent security alerts, they are widely used and might be critical, especially the one that remains unaddressed.

Jeg Elementor Kit Plugin
XSS; 6.5/10; Update to v3.0.2+

Tutor LMS Plugin
Broken Access Control; 6.5/10; Update to v3.9.4+

AMP for WP Plugin
XSS; 5.9/10; Update to v1.1.11+

FluentForm Plugin
Broken Access Control; 5.4/10; Update to v6.1.8+

Post Expirator Plugin
Broken Access Control; 5.4/10; Update to v4.9.4+

Forminator Plugin
Broken Access Control; 5.3/10; Update to v1.49.2+

Templately Plugin
Broken Access Control; 5.3/10; Update to v3.4.9+

ShareThis Dashboard for Google Analytics Plugin
Sensitive Data Exposure; 4.7/10; Removed from wp.org; No fix; Remove or replace.

Folders Plugin
Broken Access Control; 4.3/10; Update to v3.1.6+

Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

With exploitation ongoing, the plugins below are highly critical, and one remains unresolved.

Drag and Drop Multiple File Upload – Contact Form 7 Plugin
Arbitrary File Upload; 10/10; Update to v1.3.9.3+

Frontend Admin by DynamiApps Plugin
Privilege Escalation; 9.8/10; Update to v3.28.26+

WP Enable WebP Plugin
Arbitrary File Upload; 9.1/10; No fix; Remove or replace.

Ninja Tables Plugin
SQL Injection; 8.5/10; Update to v5.2.5+

#3 – Our blog: How to Block Comment Spam Effectively

CAPTCHA can block bots, but it often frustrates real users who just want to leave a comment. We’ll show you effective ways to stop comment spam without compromising the user experience.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress