2019’s Vulnerable WordPress Plugins to Avoid


WordPress is the most popular CMS in the world. It powers millions of websites worldwide, and a vast number of people use it every day. One of the main reasons it is so widely used is that it has a strong security track record and a huge range of plugin options.

However, this doesn’t mean that WordPress is completely secure, and it doesn’t mean that its plugins are free of liability. Even if your website is properly maintained and your plugins are updated regularly, some plugins still pose a security risk.

Here are some of the vulnerable plugins on WordPress that you should avoid:

WooCommerce

WooCommerce is the main ecommerce plugin on WordPress, powering around a third of online stores and boasting more than 4 million users. Because it handles customer payments, it’s only natural that it’s one of the primary targets for online criminals.

All ecommerce stores gather and store their customers’ payment and personal data, which is why they are a high priority for hackers. Since 2014, WooCommerce has had 19 major security warnings, and many of its extensions are vulnerable as well.

Yoast SEO

The Yoast SEO plugin has more than 5 million installations, making it the most popular plugin on WordPress. This is exactly why its security weaknesses are so dangerous. It has 10 vulnerability warnings, and the Google Analytics plugin from Yoast adds a further five.

It has an authenticated race condition flaw that can potentially enable remote code execution. This vulnerability is easy to trigger if the plugin is set up incorrectly. The newest version has fixed this issue, but most users are still running the previous one.

Redirection

This redirect manager plugin has over a million users. It’s designed to redirect bad links and manage page errors, which improves SEO by cleaning up broken links and tying off loose ends. Redirection didn’t have any notable weaknesses until 2018, when two major flaws were discovered.

The two flaws were an injection vulnerability and a forged-request (CSRF) vulnerability, which together could allow an exposed site to be completely taken over. Even though this major issue has been fixed, only around a third of current installations are updated to the latest version.

Contact Form 7

Contact Form 7 is the second most popular WordPress plugin after Yoast SEO. It helps website owners create and manage their contact forms. It doesn’t have many flaws, but it has had a privilege escalation issue, and its large user base makes that issue significant.

Even though this flaw isn’t that dangerous on its own, a capable attacker can use it to place malicious files on a site, which can later escalate into larger security issues. The latest version of the plugin has fixed the issue, but fewer than a third of Contact Form 7 users have actually updated.

If you can, look for alternative plugins that do the same job. If you really have to use one of these plugins, make sure you update it regularly and follow its security recommendations. For additional cybersecurity assistance, partner with Fulton May Solutions today!
