New vulnerabilities this week range from recurring issues in popular plugins to a serious high\u2011risk threat in ACF.<\/p>\n\n\n\n
We also include a security checklist from our blog to help keep your WordPress site safe.<\/p>\n\n\n\n
A critical vulnerability in this plugin could allow unauthorised high-level privilege access, potentially enabling full site compromise across 100,000+ installations.<\/p>\n\n\n\n
Advanced Custom Fields: Extended Plugin<\/a> Small glitches aside, these widely used plugins remain critical to track, as they affect millions of sites.<\/p>\n\n\n\n Happy Addons for Elementor Plugin<\/a> Beaver Builder Plugin<\/a> BuddyPress Plugin<\/a> Custom Fonts \u2013 Host Your Fonts Locally Plugin<\/a> Schema & Structured Data for WP & AMP Plugin<\/a> The Events Calendar Plugin<\/a> Photo Gallery by 10Web Plugin<\/a> Newsletter Plugin<\/a> Metform Plugin<\/a> Editor Comment<\/strong> These plugins may be less common but are high risk wherever they are used.<\/p>\n\n\n\n Real Homes CRM Plugin<\/a> LA-Studio Element Kit for Elementor Plugin<\/a> Nexter Extension Plugin<\/a> Academy LMS Plugin<\/a> MailerLite \u2013 WooCommerce integration Plugin<\/a> Xpro Elementor Addons Plugin<\/a> Nelio AB Testing Plugin<\/a> Editor Comment<\/strong> Keeping your website secure can seem daunting at first. To make it easy for you we have put together a comprehensive checklist that you should look for when securing your WordPress website.<\/p>\n\n\n\n
<\/strong>Privilege Escalation; 9.8<\/strong>\/10; Update to v0.9.2.2+
Editor Comment<\/strong>
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#2 – Lower Security Risks in Popular Plugins<\/h2>\n\n\n\n
<\/strong>SQL Injection; 8.5\/10; Update to v3.20.6+<\/p>\n\n\n\n
<\/strong>Arbitrary Code Execution; 7.5\/10; Update to v2.9.4.2+<\/p>\n\n\n\n
<\/strong>Arbitrary Code Execution; 7.3\/10; Update to v14.3.4+<\/p>\n\n\n\n
<\/strong>Broken Access Control; 6.5\/10; Update to v2.1.17+<\/p>\n\n\n\n
<\/strong>XSS; 6.5\/10; Update to v1.54.1+<\/p>\n\n\n\n
<\/strong>Broken Access Control; 5.4\/10; Update to v6.15.13.1+<\/p>\n\n\n\n
<\/strong>Broken Access Control; 5.3\/10; Update to v1.8.37+<\/p>\n\n\n\n
<\/strong>CSRF; 4.3\/10; Update to v9.1.1+<\/p>\n\n\n\n
<\/strong>Broken Authentication; 3.7\/10; Update to v4.1.1+<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#3 – High Security Risks in Less Popular Plugins<\/h2>\n\n\n\n
<\/strong>Arbitrary File Upload; 9.9<\/strong>\/10; Update to v1.0.1+<\/p>\n\n\n\n
<\/strong>Backdoor; 9.8<\/strong>\/10; Update to v1.6.0+<\/p>\n\n\n\n
<\/strong>PHP Object Injection; 9.8<\/strong>\/10; Update to v4.4.7+<\/p>\n\n\n\n
<\/strong>Privilege Escalation; 9.8<\/strong>\/10; Update to v3.5.1+<\/p>\n\n\n\n
<\/strong>SQL Injection; 9.3<\/strong>\/10; Update to v3.1.3+<\/p>\n\n\n\n
<\/strong>Arbitrary File Upload; 9.1<\/strong>\/10; Update to v1.4.20+<\/p>\n\n\n\n
<\/strong>Arbitrary Code Execution; 9.1<\/strong>\/10; Update to v8.2.0+<\/p>\n\n\n\n
It’s worth taking a few minutes each week to perform a sites review<\/a> to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade<\/a> feature for vulnerable plugins.<\/p>\n\n\n\n#4 – Our blog: WordPress Security Checklist<\/h2>\n\n\n\n