{"id":167037,"date":"2025-01-28T12:59:18","date_gmt":"2025-01-28T12:59:18","guid":{"rendered":"https:\/\/getshieldsecurity.com\/?p=167037"},"modified":"2025-01-28T12:59:19","modified_gmt":"2025-01-28T12:59:19","slug":"shieldnotes-50","status":"publish","type":"post","link":"https:\/\/getshieldsecurity.com\/blog\/shieldnotes-50\/","title":{"rendered":"Spotlight on Popular Plugins and Themes; & Elementor Security Strategies"},"content":{"rendered":"\n

This week, new security risks in popular plugins and themes, including Avada and Really Simple SSL, came to light.<\/p>\n\n\n\n

Our latest blog post also covers Elementor vulnerabilities and offers ways to mitigate threats and protect your site.<\/p>\n\n\n\n

#1 – Security Risks in Popular Plugins & Themes<\/h2>\n\n\n\n

The following plugins and themes, while not critically compromised, affect millions of sites, and you might likely be using 1 of them.<\/p>\n\n\n\n

String Locator Plugin<\/a><\/strong>
PHP Object Injection; 7.2\/10; Update to v2.6.7+<\/p>\n\n\n\n

The Events Calendar Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v6.9.1+<\/p>\n\n\n\n

Betheme Theme<\/a><\/strong>
XSS; 6.5\/10; Update to v27.6.2+<\/p>\n\n\n\n

Prime Slider \u2013 Addons For Elementor Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v3.16.6+<\/p>\n\n\n\n

Stackable Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v3.13.12+<\/p>\n\n\n\n

JetElements For Elementor Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v2.7.3+<\/p>\n\n\n\n

Avada Theme<\/a><\/strong>
Broken Access Control; 5.3\/10; Update to v7.11.11+<\/p>\n\n\n\n

Really Simple SSL Plugin<\/a><\/strong>
CSRF; 4.3\/10; Update to v9.2.0+<\/p>\n\n\n\n

Starter Templates Plugin<\/a><\/strong>
CSRF; 4.3\/10; Update to v4.4.10+<\/p>\n\n\n\n

FluentSMTP Plugin<\/a><\/strong>
CSRF; 4.3\/10; Update to v2.2.81+<\/p>\n\n\n\n

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#2 – High Security Risks in Less Popular Plugins & Themes<\/h2>\n\n\n\n

These plugins and themes may have lower usage, but they bring extremely high risks.<\/p>\n\n\n\n

WPBot Pro WordPress Chatbot Plugin<\/a><\/strong>
Arbitrary File Upload; 10<\/strong>\/10; Update to v13.5.6+<\/p>\n\n\n\n

RealHomes Theme<\/a><\/strong>
Privilege Escalation; 9.8<\/strong>\/10; No fix; Remove\/or replace.<\/p>\n\n\n\n

AdForest Theme<\/a><\/strong>
Broken Authentication; 9.8<\/strong>\/10; Update to v5.1.9+<\/p>\n\n\n\n

GamiPress Plugin<\/a><\/strong>
SQL Injection; 9.3<\/strong>\/10; Update to v7.2.2+<\/p>\n\n\n\n

Product Table by WBW Plugin<\/a><\/strong>
SQL Injection; 9.3<\/strong>\/10; Update to v2.1.3+<\/p>\n\n\n\n

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#3 – Our blog: Protect Your Site from Elementor Security Risks<\/h2>\n\n\n\n

Tools like Elementor, while trusted, can still face security issues. That\u2019s why it’s important to not only rely on updates but also take extra precautions to protect from emerging threats.<\/p>\n\n\n\n

Explore what steps you can take to strengthen your site.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

Thanks for reading, and have a wonderful week!<\/p>\n\n\n\n

Paul Goodchild<\/strong>
Shield Security for WordPress<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

This week, new security risks in popular plugins and themes, including Avada and Really Simple SSL, came to light. Our latest blog post also covers Elementor vulnerabilities and offers ways to mitigate threats and protect your site.<\/p>\n","protected":false},"author":27,"featured_media":163832,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[153,201],"tags":[69],"class_list":["post-167037","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-wordpress-solutions","category-shieldnotes","tag-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/167037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/comments?post=167037"}],"version-history":[{"count":7,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/167037\/revisions"}],"predecessor-version":[{"id":167064,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/167037\/revisions\/167064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media\/163832"}],"wp:attachment":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media?parent=167037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/categories?post=167037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/tags?post=167037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}