Security is in focus again, with high-severity vulnerabilities in Supreme Modules Lite and a new All In One SEO risk impacting millions. Highlights from our SQL injection prevention blog round out this week’s update.
#1 – Security Risks in Popular Plugins
These plugins are widely used, and the first one on the list is the most critical, with a 9.1/10 severity score. Update as soon as possible if you have them installed.
Supreme Modules Lite Plugin
Arbitrary File Upload; 9.1/10; Update to v2.5.63+
Advanced Ads Plugin
SQL Injection; 7.6/10; Update to v2.0.16+
YouTube Feed Pro Plugin
Arbitrary File Upload; 7.5/10; Update to v2.6.1+
Breeze Plugin
Broken Access Control; 5.3/10; Update to v2.2.22+
All In One SEO Pack Plugin
Broken Access Control; 4.3/10; Update to v4.9.3+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – High Security Risks in Less Popular Plugins and Themes
These components have smaller install counts but very high severity scores, which makes them critical on any site where they are present.
Modular DS Plugin
Privilege Escalation; 10/10; Update to v2.5.2+
Blogzee Theme
Arbitrary File Upload; 9.9/10; No fix; Remove/or replace.
RegistrationMagic Plugin
Privilege Escalation; 9.8/10; Update to v6.0.7.2+
Simply Schedule Appointments Plugin
SQL Injection; 9.3/10; Update to v1.6.9.13+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – Our blog: Prevent SQL Injection in WordPress
SQL injections are a serious threat that can severely impact WordPress sites. We cut through the technical jargon and provide clear, practical guidance to help you protect your site, regardless of your level of technical experience.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
