{"id":170466,"date":"2025-09-15T15:21:39","date_gmt":"2025-09-15T14:21:39","guid":{"rendered":"https:\/\/getshieldsecurity.com\/?p=170466"},"modified":"2025-09-15T15:21:40","modified_gmt":"2025-09-15T14:21:40","slug":"shieldnotes-74","status":"publish","type":"post","link":"https:\/\/getshieldsecurity.com\/blog\/shieldnotes-74\/","title":{"rendered":"Critical Vulnerabilities in Ninja Forms, The Events Calendar; & Safe Theme Update Strategies"},"content":{"rendered":"\n

High-risk vulnerabilities hit Ninja Forms and The Events Calendar, impacting more than a million sites, with several other widely-used plugins close behind.<\/p>\n\n\n\n

Stay protected and preserve your tweaks with our safe theme update strategies. (see below)<\/p>\n\n\n\n

#1 – High Security Risks in Popular Plugins<\/h2>\n\n\n\n

Over 1.3 million sites are vulnerable with extremely high-severity risk. Update these plugins ASAP.<\/p>\n\n\n\n

Ninja Forms Plugin<\/a><\/strong>
PHP Object Injection; 9.8<\/strong>\/10; Update to v3.11.1+<\/p>\n\n\n\n

The Events Calendar Plugin<\/a><\/strong>
SQL Injection; 9.3<\/strong>\/10; Update to v6.15.1.1+

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#2 – Lower Security Risks in Popular Plugins<\/h2>\n\n\n\n

These plugins power 400,000+ sites, putting many at risk. Update yours.<\/p>\n\n\n\n

Tutor LMS Plugin<\/a><\/strong>
SQL Injection; 7.6\/10; Update to v3.8.0+<\/p>\n\n\n\n

WP All Import Plugin<\/a><\/strong>
Arbitrary File Upload; 7.2\/10; Update to v3.9.4+<\/p>\n\n\n\n

ShopLentor Plugin<\/a><\/strong>
XSS; 6.5\/10; Update to v3.2.1+<\/p>\n\n\n\n

NitroPack Plugin<\/a><\/strong>
Broken Access Control; 5.4\/10; Update to v1.18.5+<\/p>\n\n\n\n

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#3 – High Security Risks in Less Popular Plugins and Themes<\/h2>\n\n\n\n

Hidden from the spotlight but critical\u2014one theme vulnerability scores 10\/10 and remains unpatched.<\/p>\n\n\n\n

Doccure Theme<\/a><\/strong>
Arbitrary File Upload; 10<\/strong>\/10; No fix; Remove\/or replace.<\/p>\n\n\n\n

Mow Theme<\/a><\/strong>
CSRF; 9.6<\/strong>\/10; Update to v4.11+<\/p>\n\n\n\n

Responsive Filterable Portfolio Plugin<\/a><\/strong>
Arbitrary File Upload; 9.1<\/strong>\/10; Update to v1.0.25+<\/p>\n\n\n\n

Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n

#4 – Our blog: How to Update WordPress Theme Without Losing Changes<\/h2>\n\n\n\n

Updating your WordPress theme doesn\u2019t have to mean losing your hard work. With the right strategy, your site can stay compatible, fast, and bug-free while preserving all your customisations.<\/p>\n\n\n\n

More Info \u2192<\/a><\/p>\n\n\n\n

Thanks for reading, and have a wonderful week!<\/p>\n\n\n\n

Paul Goodchild<\/strong>
Shield Security for WordPres<\/em>s<\/p>\n","protected":false},"excerpt":{"rendered":"

High-risk vulnerabilities hit Ninja Forms and The Events Calendar, impacting more than a million sites, with several other widely-used plugins close behind. Stay protected and preserve your tweaks with our safe theme update strategies.<\/p>\n","protected":false},"author":27,"featured_media":163832,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[153,201],"tags":[69],"class_list":["post-170466","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-wordpress-solutions","category-shieldnotes","tag-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/170466","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/comments?post=170466"}],"version-history":[{"count":3,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/170466\/revisions"}],"predecessor-version":[{"id":170469,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/posts\/170466\/revisions\/170469"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media\/163832"}],"wp:attachment":[{"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/media?parent=170466"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/categories?post=170466"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/getshieldsecurity.com\/wp-json\/wp\/v2\/tags?post=170466"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}