WordPress sites remain under pressure from vulnerabilities in widely used plugins, with CleanTalk’s Anti‑Spam among the most critical. Stay ahead of attackers with this breakdown and our dedicated WooCommerce security guide.
#1 – High Security Risks in Popular Plugin
The high‑risk vulnerability in this plugin could permit arbitrary file uploads, including backdoors, which may lead to full site compromise on more than 900,000 installations. Updating immediately is strongly recommended.
Spam Protection, Honeypot, Anti-Spam by CleanTalk Plugin
Authorisation Bypass/Broken Access Control; 9.8/10; Update to v6.72+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Other Security Risks in Popular Plugins
Since 1+ million sites use these plugins, they sit high on attackers’ target lists. The risks might seem small, yet ignoring them is an open invitation to trouble.
Aruba HiSpeed Cache Plugin
XXS; 7.1/10; Update to v3.0.3+
Brevo Plugin
Broken Access Control; 6.5/10; Update to v3.3.1+
Ally Plugin
Broken Access Control; 5.3/10; Update to v4.0.3+
WooCommerce Checkout Manager Plugin
Arbitrary File Upload; 5.3/10; Update to v7.8.2+
Image Optimizer by Elementor Plugin
Broken Access Control; 4.3/10; Update to v1.7.2+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – High Security Risks in Less Popular Plugins
Even though these plugins are less common, their security vulnerabilities are critical and currently exploited, with one posing an extra risk because no fix exists yet.
Woocommerce Wholesale Lead Capture Plugin
Privilege Escalation; 9.8/10; No fix; Remove/or replace.
WooCommerce Product Table Lite Plugin
SQL Injection; 9.3/10; Update to v4.6.3+
s2Member Plugin
Privilege Escalation; 9.8/10; Update to v260215+
Advanced AJAX Product Filters Plugin
PHP Object Injection; 8.8/10; Update to v3.1.9.7+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Our blog: Keep Hackers Out of Your WooCommerce Shop
Your WooCommerce store can be exposed to cross‑site scripting, injected malware, automated login attacks, and destructive file changes. Use our hands‑on tips to tighten security, monitor for warning signs, and protect your revenue and customers.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
