Crucial updates for popular plugins under attack, alongside high security risks in lesser-used plugins. We’ve also got some WordPress community news and a piece from our blog.

Listed below are popular plugins with known vulnerabilities that are actively exploited.

ACF PRO Plugin
Arbitrary Code Execution; 5.4/10; Update to v6.3.8+

TablePress Plugin
XSS; 5.9/10; Update to v2.4.3+

WooCommerce Multilingual & Multicurrency Plugin
XSS; 7.1/10; Update to v5.3.8+

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Plugin
CSRF; 4.3/10; Update to v3.1.88+

Editor Comment
It’s worth taking a few minutes each week to review your sites to catch issues early and, wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.

The following vulnerabilities are high-risk, though for less commonly used plugins.

GutenKit Plugin
Arbitrary File Upload; 10/10; Update to v2.1.1+

WordPress File Upload Plugin
Path Traversal; 9.8/10; Update to v4.24.12+

LatePoint Plugin
Broken Authentication; 9.8/10; Update to v5.0.13+

TI WooCommerce Wishlist Plugin
SQL Injection; 9.3/10; Removed from wp.org; No fix available; Remove or replace.

Backup and Staging by WP Time Capsule Plugin
SQL Injection; 8.5/10; Update to v1.22.22+

#3 – Latest WordPress News

Here are the latest updates in the WordPress community you won’t want to miss.

Mandatory Affiliation Checkbox Now Required at wp.org Login
As the dispute between WP Engine and Automattic deepens, WordPress.org has added a new required checkbox for users logging in.

Users who don’t check this box may not log in or register.

WP Took Control Over ACF Plugin, Rebranded It
WordPress took control of the ACF plugin, used by millions, to address security concerns and remove upsells, renaming it “Secure Custom Fields.”

#4 – Our Blog: WP Attacks and How to Stay Safe

Managing a WordPress site requires a focus on security. With many attacks targeting vulnerabilities, taking practical measures to improve site safety is crucial.

Thanks for reading, and have a great week!

Paul Goodchild
Shield Security for WordPress