This week’s threat update covers repeated plugin weaknesses and a top-tier 10/10 ThemeREX Addons vulnerability, along with insights into the true cost of securing WordPress sites (full details below).
#1 – High Security Risks in Popular Plugins
These plugins are affected by severe vulnerabilities, with over 200,000 sites exposed. Update now, stay safe.
ThemeREX Addons Plugin
Arbitrary File Upload; 10/10; Update to v2.38.5+
JetEngine Plugin
SQL Injection; 9.3/10; Update to v3.8.6.2+
Editor Comment
It’s worth taking a few minutes each week to review your sites and catch issues early. Wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Other Security Risks in Popular Plugins
Not every plugin is in urgent danger, but millions of sites depend on their stability. A quick update now can prevent big problems later.
Amelia Plugin
Broken Authentication; 8.8/10; Update to v9.2+
SureForms Plugin
Broken Access Control; 7.5/10; Update to v2.6.0+
JetFormBuilder Plugin
Arbitrary File Download; 7.5/10; Update to v3.5.6.3+
Smart Slider 3 Plugin
Arbitrary File Download; 6.5/10; Update to v3.5.1.34+
Ninja Forms Plugin
Sensitive Data Exposure; 6.5/10; Update to v3.14.2+
ShortPixel Image Optimizer Plugin
XSS; 5.9/10; Update to v6.4.4+
PageLayer Plugin
Content Injection; 5.3/10; Update to v2.0.8+
Elementor Website Builder Plugin
Sensitive Data Exposure; 4.3/10; Update to v3.35.8+
#3 – High Security Risks in Less Popular Plugins
Popularity may be low, but the security risks of these plugins are high. Make sure to update them before trouble hits.
WooCommerce Custom Product Addons Pro Plugin
RCE; 10/10; Update to v5.4.2+
WP Maps Plugin
SQL Injection; 9.3/10; Update to v4.9.2+
WP Job Portal Plugin
SQL Injection; 9.3/10; Update to v2.4.9+
WP DSGVO Tools (GDPR) Plugin
Broken Access Control; 9.1/10; Update to v3.1.39+
JupiterX Core Plugin
Broken Access Control; 8.8/10; Update to v4.14.2+
#4 – Our blog: Explore the true cost of WordPress security
Compare Wordfence Free and MalCare Free on real cleanup capability, server performance, and what each plan actually costs when your site gets compromised.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress