It doesn’t seem to take very long for either, or both, of Elementor or LiteSpeed to make an appearance on our ShieldNOTES editions.<\/p>\n\n\n\n
There are also 2 Elementor-related plugins with vulnerabilities, and the popular User Role Editor plugin faces exposes sites to a CSRF of severity 9.8\/10.<\/p>\n\n\n\n
\ud83c\udf84 If you don’t hear from us beforehand, we wish all those who celebrate Christmas, a very merry Christmas holiday season, and everyone a prosperous New Year for 2025! \ud83c\udf84<\/p>\n\n\n\n
This is a high risk plugin, affecting 700,000+ sites.<\/p>\n\n\n\n
User Role Editor Plugin<\/a><\/strong> Editor Comment<\/strong> These are widely used plugins with security threats, impacting millions of sites.<\/p>\n\n\n\n Elementor Website Builder Plugin<\/a><\/strong> LiteSpeed Cache Plugin<\/a><\/strong> Elementor \u2013 Header, Footer & Blocks Template Plugin<\/a><\/strong> Download Manager Plugin<\/a><\/strong> Element Pack Elementor Addons Plugin<\/a><\/strong> Editor Comment<\/strong> Despite their limited use, these plugins and themes pose serious security risks.<\/p>\n\n\n\n WPLMS Plugin<\/a><\/strong> AdForest Theme<\/a><\/strong> Biagiotti Membership Plugin<\/a><\/strong> VibeBP Plugin<\/a><\/strong> Traveler Theme<\/a><\/strong> Frontend Admin by DynamiApps Plugin<\/a><\/strong> Collapsing Categories Plugin<\/a><\/strong> Editor Comment<\/strong> With the WP vs WP Engine saga continuing to play out, Matt has put several free services on pause, with no end date provided. Users can still set up WordPress installations and accounts during this time.<\/p>\n\n\n\n
CSRF; 9.8<\/strong>\/10; Update to v4.64.4+<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#2 – Lower Security Risks in Popular Plugins<\/h2>\n\n\n\n
XSS; 6.5\/10; Update to v3.25.10+<\/p>\n\n\n\n
XSS; 6.5\/10; Update to v6.5.3+<\/p>\n\n\n\n
XSS; 6.5\/10; Update to v1.6.47+<\/p>\n\n\n\n
XSS; 5.9\/10; Update to v3.3.03+<\/p>\n\n\n\n
Broken Access Control; 4.3\/10; Update to v5.10.13+<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#3 – High Security Risks in Less Popular Plugins & Themes<\/h2>\n\n\n\n
Arbitrary File Upload; 9.9<\/strong>\/10; Update to v1.9.9.5.3+<\/p>\n\n\n\n
Broken Access Control; 9.8<\/strong>\/10; Update to v5.1.7+<\/p>\n\n\n\n
Privilege Escalation; 9.8<\/strong>\/10; Update to v1.1+<\/p>\n\n\n\n
SQL Injection; 9.3<\/strong>\/10; Update to v1.9.9.7.7+<\/p>\n\n\n\n
SQL Injection; 9.3<\/strong>\/10; Update to v3.1.7+<\/p>\n\n\n\n
SQL Injection; 9.3<\/strong>\/10; Update to v3.25.2+<\/p>\n\n\n\n
SQL Injection; 9.3<\/strong>\/10; Update to v3.0.9+<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#4 – wp.org Temporarily Shuts Down Most Services<\/h2>\n\n\n\n