In this edition, we cover several critical-severity vulnerabilities in popular WordPress plugins, along with other vulnerabilities that remain unpatched. To go with that, our blog breaks down the everyday mistakes that could invite hackers in and how to stop them.

The plugins below contain extremely high-severity vulnerabilities, putting half a million sites at risk.

WP Mail Logging Plugin
PHP Object Injection; 9.8/10; Update to v1.16+

Tutor LMS Plugin
SQL Injection; 9.3/10; Update to v3.9.7+

AI Engine Plugin
Arbitrary File Upload; 9.1/10; Update to v3.3.3+

Editor Comment

It’s worth taking a few minutes each week to perform a site review to catch issues early, and wherever possible use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

The following popular plugins and theme aren’t all in a critical state, but two stand out as critical because they remain unpatched.

Royal Elementor Addons Plugin
Other Vulnerability Type; 8.2/10; No fix; Remove or replace.

Fluent Forms Pro Add On Pack Plugin
Broken Access Control; 7.5/10; Update to v6.1.18+

Chaty Plugin
Sensitive Data Exposure; 7.5/10; Update to v3.5.2+

Responsive Lightbox Plugin
XSS; 7.1/10; Update to v2.6.1+

Porto Theme
XSS; 7.1/10; No fix; Remove or replace.

The Events Calendar Plugin
Broken Access Control; 5.4/10; Update to v6.15.16.1+

Post Duplicator Plugin
Broken Access Control; 4.3/10; Update to v3.0.9+

Disable Admin Notices individually Plugin
CSRF; 4.3/10; Update to v1.4.3+

Despite their limited popularity, these plugins come with major security risks, most notably the first one, which remains unfixed.

Builderall Builder for WordPress Plugin
RCE; 9.9/10; No fix; Remove or replace.

Geo Mashup Plugin
SQL Injection; 9.3/10; Update to v1.13.18+

WooCommerce License Manager Plugin
Arbitrary File Upload; 9.1/10; Update to v7.0.7+

#4 – Our blog: Mistakes That Might Have Opened the Door to Hackers

It’s not just the outside world that poses a security risk to WordPress websites; employees and managers also need to be aware of their actions, as they can open the door to hackers.

Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress