If OMGF Pro is running on your site, you’re facing a critical 10/10 security risk, while others like Elementor and MainWP are waving red flags too. As threats against WordPress continue to grow, we show you what to watch for and how to respond the right way. (see below)
#1 – Critical Security Risks in Popular Plugin
This plugin contains a high-severity vulnerability that unauthenticated attackers can exploit to plant harmful scripts on your site. Update to the patched version right away.
OMGF Pro Plugin
Arbitrary File Upload; 10/10; Update to v5.2.7+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#2 – Other Security Risks in Popular Plugins and Themes
These plugins and themes carry known vulnerabilities that are being actively exploited at scale. Update today, not tomorrow.
Post Duplicator Plugin
PHP Object Injection; 8.8/10; Update to v3.0.15+
Paid Memberships Pro Plugin
CSRF; 8.8/10; Update to v0.7.3+
Gravity Forms Bookings Premium Plugin
SQL Injection; 8.5/10; Update to v2.7.2+
WP All Import Plugin
SQL Injection; 7.6/10; Update to v4.1.0+
Splash – Sport Club WordPress Theme
Local File Inclusion; 7.5/10; Update to v4.4.4+
MainWP Child Plugin
Broken Access Control; 7.5/10; Update to v6.1.2+
Responsive Lightbox Plugin
XSS; 7.1/10; Update to v2.7.7+
SureCart Plugin
XSS; 7.1/10; Update to v4.3.3+
Elementor Website Builder Plugin
Sensitive Data Exposure; 6.5/10; Update to v4.1.4+
SeedProd Pro Plugin
XSS; 6.5/10; Update to v6.19.5+
Essential Blocks for Gutenberg Plugin
XSS; 6.5/10; Update to v6.2.0+
Cornerstone Plugin
Broken Access Control; 6.5/10; Update to v7.8.8+
Neve PRO Theme
XSS; 6.5/10; Update to v3.1.3+
Kirki Plugin
SSRF; 4.9/10; Update to v6.0.12+
SEOPress PRO Plugin
Broken Access Control; 4.3/10; Update to v9.2+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#3 – High Security Risks in Less Popular Plugins
Attackers do not only go after the big plugins. These smaller ones are on their radar too, and the risks they carry are no less severe. Review your site and update immediately.
Booster for WooCommerce Plugin
Arbitrary File Upload; 9.9/10; Update to v8.0.2+
Dokan Pro Plugin
Privilege Escalation; 9.8/10; Update to v5.0.5+
Buddyboss Platform Plugin
PHP Object Injection; 9.8/10; Update to v3.0.5+
Tourfic Plugin
SQL Injection; 9.3/10; Update to v2.22.8+
TemplateSpare Plugin
Arbitrary File Upload; 9.1/10; Update to v4.2.1+
Editor Comment
It’s worth taking a few minutes each week to perform a sites review to catch issues early and wherever possible, use ShieldPRO’s auto-upgrade feature for vulnerable plugins.
#4 – Our blog: WordPress Security Risks
99% of WordPress vulnerabilities come from plugins and themes, not core. Learn where risk actually lives, how to spot compromise, and which security approach fits.
Thanks for reading, and have a wonderful week!
Paul Goodchild
Shield Security for WordPress
