A series of plugin reports hit this week, and Widget Options stands out with a serious 9/10 vulnerability still awaiting a fix. It’s a strong reminder to harden your WordPress security (see more below).

100,000+ sites are exposed to an extremely severe RCE risk. Attackers can upload arbitrary files and run code on the server, with no patch released yet.

Widget Options Plugin
RCE; 9/10; No fix; Remove or replace.

Editor Comment

It’s worth taking a few minutes each week to perform a site review to catch issues early and, wherever possible, to use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

Vulnerabilities in the plugins and theme below put millions of WordPress sites in the danger zone. Apply the latest updates as soon as possible to help prevent a successful attack.

Page Builder by SiteOrigin Plugin
Local File Inclusion; 8.8/10; Update to v2.34.0+

LatePoint Plugin
Privilege Escalation; 8.8/10; Update to v5.2.8+

Fluent Forms Pro Add On Pack Plugin
Arbitrary Content Deletion; 7.6/10; Update to v6.1.18+

Meta Box – WordPress Custom Fields Framework Plugin
Arbitrary File Deletion; 7.2/10; Update to v5.11.2+

WP All Import Plugin
XSS; 7.1/10; Update to v4.0.1+

Blocksy Theme
XSS; 6.5/10; Update to v2.1.31+

Envira Photo Gallery Plugin
XSS; 5.9/10; Update to v1.12.4+

Enable Media Replace Plugin
Broken Access Control; 5.4/10; Update to v4.1.8+


They might not top the charts, but these plugins face major security flaws, and one is still waiting on a fix.

Builderall Builder for WordPress Plugin
RCE; 9.9/10; No fix; Remove or replace.

Geo Mashup Plugin
SQL Injection; 9.3/10; Update to v1.13.18+

WooCommerce License Manager Plugin
Arbitrary File Upload; 9.1/10; Update to v7.0.7+


#4 – Our blog: WordPress Hardening Checklist

With online threats increasing, WordPress security can’t be ignored. Site hardening adds vital layers of protection to keep your data and visitors safe.


Thanks for reading, and have a wonderful week!

Paul Goodchild
Shield Security for WordPress