We bring the latest plugin security risks, including Elementor Pro and a recurring vulnerability in Ninja Forms.<\/p>\n\n\n\n
Hackers exploit outdated WordPress versions and plugins to spread malware. Plus, catch up on the new updates in the WordPress community and learn how to keep your Contact Form 7 spam-free, from our blog.<\/p>\n\n\n\n
Lower severity but timely updates are key, as these plugins affect millions of sites.<\/p>\n\n\n\n
Forminator Plugin<\/a><\/strong> ElementsKit Pro Plugin<\/a><\/strong> Ninja Forms Plugin<\/a><\/strong> Tracking Code Manager Plugin<\/a><\/strong> Elementor Pro Plugin<\/a><\/strong> Editor Comment<\/strong> Even less popular plugins, but with high-severity risks, like the ones below, can lead to major security issues.<\/p>\n\n\n\n ThemeREX Addons Plugin<\/a><\/strong> Media Manager for UserPro Plugin<\/a><\/strong> iControlWP Plugin<\/a><\/strong> Eventer Plugin<\/a><\/strong> Borderless Plugin<\/a><\/strong> Editor Comment<\/strong> Hackers are exploiting outdated WordPress versions and plugins to infect thousands of sites, aiming to trick visitors into downloading malware. The malware steals personal information from both Windows and Mac users. The attack, still ongoing, redirects visitors to fake Chrome update pages that prompt them to download harmful files.<\/p>\n\n\n\n More Info \u2192<\/a><\/p>\n\n\n\n A growing movement is pushing to build a parallel community to WordPress, aiming to increase stability and ensure its continued popularity. Disputes between Matt Mullenweg and WP Engine could shift control away from Automattic.<\/p>\n\n\n\n The community is also exploring decentralizing plugin and theme distribution through multiple channels to reduce Automattic’s control.<\/p>\n\n\n\n
XSS; 7.1\/10; Update to v1.38.3+<\/p>\n\n\n\n
XSS; 6.5\/10; Update to v3.7.9+<\/p>\n\n\n\n
XSS; 6.5\/10; Update to v3.8.25+<\/p>\n\n\n\n
XSS; 6.5\/10; Update to v2.4.0+<\/p>\n\n\n\n
Sensitive Data Exposure; 4.3\/10; Update to v3.25.11+<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#2 – High Security Risks in Less Popular Plugins<\/h2>\n\n\n\n
Arbitrary File Upload; 10<\/strong>\/10; Update to v2.34.0+<\/p>\n\n\n\n
Broken Access Control; 9.8<\/strong>\/10; No fix; Remove\/or replace.<\/p>\n\n\n\n
PHP Object Injection; 9.8<\/strong>\/10; Update to v4.5.2+<\/p>\n\n\n\n
SQL Injection; 9.3<\/strong>\/10; Update to v3.9.9+<\/p>\n\n\n\n
RCE; 9.1<\/strong>\/10; No fix; Remove\/or replace.<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#3 – Hackers Target Outdated WordPress Versions and Plugins to Spread Malware<\/h2>\n\n\n\n
#4 – WordPress Community Moves Toward Decentralization and Shared Control<\/h2>\n\n\n\n