{"id":167680,"date":"2025-03-12T13:05:40","date_gmt":"2025-03-12T13:05:40","guid":{"rendered":"https:\/\/getshieldsecurity.com\/?p=167680"},"modified":"2025-03-12T13:07:01","modified_gmt":"2025-03-12T13:07:01","slug":"shieldnotes-56","status":"publish","type":"post","link":"https:\/\/getshieldsecurity.com\/blog\/shieldnotes-56\/","title":{"rendered":"Weekly Vulnerabilities; Trust-Building and Performance Strategies"},"content":{"rendered":"\n

This is a fresh roundup of plugin and theme vulnerabilities with key maintenance steps to keep your WordPress site secure, reliable, and performing at its best.<\/p>\n\n\n\n

#1 – Security Risks in Popular Plugins<\/h2>\n\n\n\n

These plugins aren’t heavily affected, but their popularity makes them important to monitor.<\/p>\n\n\n\n

Post SMTP Plugin<\/a><\/strong>
SQL Injection; 7.6\/10; Update to v3.1.3+<\/p>\n\n\n\n

The Plus Addons for Elementor Page Builder Lite Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v6.2.3+<\/p>\n\n\n\n

FooGallery Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v2.4.30+<\/p>\n\n\n\n

Advanced File Manager Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v5.3.0+<\/p>\n\n\n\n

Download Manager Plugin<\/a><\/strong>
Sensitive Data Exposure; 5.3\/10; Update to v3.3.07+<\/p>\n\n\n\n

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#2 – Security Risks in Less Popular Plugins & Themes<\/h2>\n\n\n\n

These plugins\/themes carry high security risks, especially 2 that remain unaddressed.<\/p>\n\n\n\n

Javo Core Plugin<\/a><\/strong>
Privilege Escalation; 9.8<\/strong>\/10; Update to v3.0.0.266+<\/p>\n\n\n\n

InWave Jobs Plugin<\/strong><\/a>
Privilege Escalation; 9.8<\/strong>\/10; Removed from wp.org; No fix; Remove\/or replace.<\/p>\n\n\n\n

Golo Theme<\/a><\/strong>
Broken Access Control; 9.8<\/strong>\/10; Update to v1.6.11+<\/p>\n\n\n\n

WPCOM Member Plugin<\/a><\/strong>
Privilege Escalation; 9.8<\/strong>\/10; Update to v1.7.6+<\/p>\n\n\n\n

WP-Recall Plugin<\/a><\/strong>
SQL Injection; 9.3<\/strong>\/10; Update to v16.26.12+<\/p>\n\n\n\n

miniOrange Social Login and Register Pro Addon Plugin<\/a><\/strong>
Broken Authentication; 8.1\/10; No fix; Remove\/or replace.<\/p>\n\n\n\n

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#3 – Our blog: Essential Tips for WordPress Website Maintenance<\/h2>\n\n\n\n

Visitor trust relies on the reliability and performance of your WordPress site. Regular maintenance is key to keeping it secure and running smoothly, going beyond bug fixes and updates. It ensures a smooth user experience and protects both you and your audience online.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

Thanks for reading, and have a wonderful week!<\/p>\n\n\n\n

Paul Goodchild<\/strong>
Shield Security for WordPress<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

This is a fresh roundup of plugin and theme vulnerabilities with key maintenance steps to keep your WordPress site secure, reliable, and performing at its best.<\/p>\n","protected":false},"author":27,"featured_media":163832,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[153,201],"tags":[69],"class_list":["post-167680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-wordpress-solutions","category-shieldnotes","tag-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/167680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/comments?post=167680"}],"version-history":[{"count":13,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/167680\/revisions"}],"predecessor-version":[{"id":167712,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/167680\/revisions\/167712"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media\/163832"}],"wp:attachment":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media?parent=167680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/categories?post=167680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/tags?post=167680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}