We would like to inform you of the top 5 most commonly used vulnerable plugins as of 2022. If you are using any of these plug-ins, please update your site as soon as possible.

Vulnerability #1 Contact Form 7

Contact Form 7 is the most commonly used WordPress contact form creation plugin.

Vulnerability risk 100 (highest) Vulnerable version 5.3.1 or lower Vulnerability description -> CVE-2020-35489

Vulnerability #2 Ninja Forms

Ninja Forms is a WordPress form creation embedding plugin.

Vulnerability risk 98 Vulnerable version 2.9.42 or lower Vulnerability description -> CVE-2016-1209

Vulnerability #3 Yoast SEO

Yoast SEO is a plugin for WordPress SEO.

Vulnerability risk 98 Vulnerable version 11.5 or lower Vulnerability description -> CVE-2019-13478

Vulnerability #4 Elementor,Essential Addons for Elementor

Elementor and its extended add-on Essential Addons for Elementor is a plugin mainly for layouts that allows users to create WordPress pages using drag-and-drop.

Elementor
Vulnerability risk level 88 Vulnerable version 3.6.0 or lower Vulnerability description -> CVE-2022-1329

Essential Addons for Elementor
Vulnerability level 98 Vulnerable version 5.0.5 or lower Vulnerability description→CVE-2022-0320

Vulnerability #5 File Manager

File Manager is a plugin that adds file upload and editing functions to the WordPress administration screen, similar to FTP software.

Vulnerability risk 100 Vulnerable version 6.9 or lower Vulnerability description -> CVE-2020-25213

CVE-2020-25213

Plug-in that can scan vulnerabilities in more than 1000 other plug-ins
Please use [ Free] WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

Terms of Use for Generated AI

This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using generated AI is permitted.
1. it is not for the purpose of learning by the generated AI. 2. only the summary or title of the page content at a level that does not lead to the solution of the user’s problem is shown to the user. 3. in the case of 2, a link to this content is shown to lead the user to this page.

Related Posts:

  1. Disable updating only certain plugins in wordpress
    This section explains how to rewrite the version to a higher value so that only certain plugins cannot be updated in WordPress. Terms of Use for Generated AI This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content using...
  2. [Urgent] File Upload Vulnerability in Contact Form 7 v5.3.1 and Below
    A file-uploadable (most dangerous) vulnerability was discovered in the Contact Form 7 plugin 5.3.1 and below, which is installed in 5 million sites. Terms of Use for Generated AI This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the specification of content...
  3. How to check individual WordPress plugins for vulnerabilities
    It is said that 60% of WordPress hacks are program (theme or plugin) vulnerabilities. We will explain how to check for vulnerabilities in your plugins individually. Terms of Use for Generated AI This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are met, the...
  4. Serious Vulnerability in WordPress Jetpack Plugin
    A serious vulnerability has been discovered in the Jetpack plugin for WordPress and a version update has been distributed. This section explains how to deal with this vulnerability. Terms of Use for Generated AI This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions are...
  5. How Hackers Discover Your WordPress Site Dork
    It is dangerous to run a WordPress site and think that it will not be targeted because of low traffic. We will explain why low traffic does not necessarily mean that your site will not be hacked. Terms of Use for Generated AI This page prohibits the use, quotation, or summarization of any page, in whole or in part, by...
  6. Vulnerability in wordpress plugin yuzo related posts, plugin cannot be downloaded
    There is a vulnerability in the wordpress plugin yuzo related posts, but no update has been released. this article explains how to resolve the vulnerability in yuzo related posts. Terms of Use for Generated AI This page prohibits the use, quotation, or summarization of any page, in whole or in part, by the Generated AI. However, if the following conditions...