Select Page

March 2021 has seen 10 vulnerable plugins and themes for WordPress sites, which has affected about 400,000 total websites. Running WordPress sites requires keeping up to date on the latest security vulnerabilities and fixes like the ones below. 

Although these vulnerabilities have received a virtual patch to the WebARX firewall, to be safe you should update or delete the plugins immediately from your site.

WooCommerce Upload Files Premium

Enables users to upload files, preview images, add additional fees, and more. Vulnerability affects over 5,000 sites.  

Solution: Update WordPress WooCommerce Upload Files premium plugin to the latest available version.

User Profile Picture

Sets/removes profile images for users using the standard WordPress media upload tool. Vulnerability affects 60,000 sites.

Solution: Update WordPress User Profile Picture plugin to the latest available version.

Forminator

Form builder for WordPress. Vulnerability affects 100,000 sites.  

Solution: Update the WordPress Forminator plugin to the latest available version.

Dokan

WordPress marketplace plugin. Vulnerability affects 60,000 sites. 

Solution: Update WordPress Dokan plugin to the latest available version.

Defender Security 

Security plugin for WordPress. Vulnerability affects 50,000 sites.

Solution: Update WordPress Defender Security plugin to the latest available version.

Abandoned Cart Lite for WooCommerce

Helps recover carts from WooCommerce shop. Vulnerability affects 30,000 sites. 

Solution: Update WordPress Abandoned Cart Lite for WooCommerce plugin to the latest available version.

Style Kits for Elementor

Adds UI controls to Theme Styles for layout systems in Elementor. Vulnerability affects 10,000 sites.

Solution: Update WordPress Style Kits plugin to the latest available version.

WP ERP

WordPress business management solution. Vulnerability affects 10,000 sites.

Solution: Update WordPress WP ERP plugin to the latest available version.

WP Project Manager

WordPress project management tool. Vulnerability affects 10,000 sites.

Solution: Update WordPress WP Project Manager plugin to the latest available version.

WP Travel 

Travel engine for making customized travel websites on WordPress. Vulnerability affects 6,000 sites.

Solution: Update WordPress WP Travel plugin to the latest available version.

We at the Web Professionals Organization are not endorsing WebARX, but they have put together a great list from their research and work in server security, protection and monitoring. For more information on these vulnerabilities on the WebARX site, click here.