Critical vulnerabilities in WordPress plugins – May 2023

To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are few available, although my preference goes to Wordfence.

Critical vulnerabilities in WordPress plugins – May 2023

The Wordfence Threat Intelligence team found sofar these vulnerabilities:

Vulnerability in Essential Addons for Elementor

A WordPress plugin with over one million active installations.

A patch was released for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts with administrative-level access.

Over the past few days, we’ve seen millions of probing attempts for the plugin’s readme.txt file, which are likely to be attackers probing for the plugin to build a target site exploit list, along with over 6,900 blocked exploit attempts.

Considering how easily this vulnerability can be successfully exploited, we highly recommend all users of the plugin update ASAP to ensure their site is not compromised by this vulnerability.


Multiple Vulnerabilities Patched in Shield Security

A security plugin with over 50,000 installations.

One of these vulnerabilities allowed unauthenticated attackers to inject malicious JavaScript into an administrator dashboard in some configurations, while another allowed authenticated attackers to spoof log entries into the same dashboard, which could also be used to exploit the first vulnerability in configurations where the unauthenticated technique was not viable.

These vulnerabilities have been fully patched in version 17.0.18 you should update to.


A vulnerability in Blubrry’s PowerPress plugin

Installed on more than 50,000 WordPress websites.

The vulnerability enables threat actors with contributor-level permissions or higher to inject malicious web scripts into pages using the plugin’s shortcode.

As always, it is recommended to update to the latest version as soon as possible.


You can find the free vulnerability database on their website.

Last week, 105 WordPress plugins and 2 WordPress themes were disclosed with 139 vulnerabilities.

All the best,


Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment, or subscribe to my newsletter (and enjoy my gift to you). I thank you if you do. 😉

Add a Comment

Your email address will not be published. Required fields are marked *