The Most Exploited WordPress Plugin Vulnerabilities in Early 2025

By /

Critical Security Flaws Leave Thousands of Sites at Risk

A recent security report has revealed the four most exploited vulnerabilities in WordPress plugins during the first quarter of 2025. These critical flaws, initially discovered and patched in 2024, remain unpatched on many websites, leaving them vulnerable to cyberattacks.

Two of these security loopholes were exploited for the first time in early 2025, demonstrating how unpatched vulnerabilities continue to be a primary attack vector for hackers. Cybercriminals leveraged these flaws to execute arbitrary code, gain unauthorized access, and exfiltrate sensitive data from WordPress websites.

The Four Most Exploited WordPress Vulnerabilities

1. CVE-2024-27956: SQL Injection in WordPress Automatic Plugin

– Affected Plugin: WordPress Automatic Plugin (40,000+ installs)

  • Issue: A critical SQL injection vulnerability allowed unauthenticated attackers to manipulate the database through the auth POST parameter in the CSV export feature.
  • Exploitation: First reported in May 2024 by Wallarm, Patchstack has since blocked over 6,500 attacks targeting this flaw.

– Fix: Resolved in version 3.92.1

  1. CVE-2024-4345: File Upload Vulnerability in Startklar Elementor Addons

– Affected Plugin: Startklar Elementor Addons (5,000+ installs)

  • Issue: The plugin lacked file type validation, allowing unauthenticated attackers to upload executable files and take over sites.
  • Exploitation: Thousands of attack attempts were blocked by Patchstack.

– Fix: Resolved in version 1.7.14

3. CVE-2024-25600: Remote Code Execution in Bricks Theme

– Affected Plugin: Bricks Theme (30,000+ installs)

  • Issue: A security weakness in the bricks/v1/render_element REST API endpoint allowed unauthenticated execution of PHP code.
  • Exploitation: Detected in February 2024 by both Patchstack and Wordfence, with hundreds of unauthorized execution attempts blocked.

– Fix: Resolved in version 1.9.6.1

4. CVE-2024-8353: PHP Object Injection in GiveWP Plugin

– Affected Plugin: GiveWP (100,000+ installs)

  • Issue: An insecure deserialization vulnerability in donation-related parameters (give_ and card_) allowed for PHP object injection, leading to potential full-site takeover.
  • Exploitation: Patchstack identified and blocked hundreds of malicious activity attempts.

– Fix: Resolved in version 3.16.2

The Bigger Picture: Security Measures and Recommendations

While many exploitation attempts fail due to security measures, the risk remains significant for unprotected sites. Many WordPress site administrators do not apply timely updates, leaving their websites vulnerable. Given the widespread use of WordPress, hackers have ample opportunities to find unpatched sites and exploit them.

To enhance security, website administrators should:

– Regularly update WordPress plugins and themes.

– Disable unused plugins and delete inactive accounts.

  • Implement strong passwords and multi-factor authentication (MFA) for administrator accounts.

What Undercode Say: The Cybersecurity Breakdown

WordPress remains a prime target for hackers due to its popularity. The vulnerabilities highlighted in this report reflect broader trends in web security:

1. Why Do These Vulnerabilities Exist?

  • Most plugin developers release patches quickly, but many website owners fail to update their plugins in time.
  • Some vulnerabilities, like insecure deserialization (CVE-2024-8353), stem from poor coding practices that persist across different plugins.
  • File upload flaws, such as in Startklar Elementor Addons, are common because input validation is often overlooked by developers.

2. The Rising Threat of Automated Attacks

  • Hackers use automated scanning tools to identify vulnerable sites at scale.
  • SQL injection (CVE-2024-27956) and remote code execution (CVE-2024-25600) are particularly dangerous because they enable full database control and site takeovers.

3. The Role of Security Plugins

  • Patchstack and Wordfence successfully blocked many attacks, but not all WordPress sites use security plugins.
  • Virtual patching can mitigate risks, but manual updates remain essential.

4. What Should Site Owners Do?

  • Security-first mindset: Regular audits and proactive security measures can prevent most attacks.
  • Plugin hygiene: If a plugin is rarely updated or has a history of vulnerabilities, consider removing it altogether.
  • Zero-trust approach: Assume that any external input (files, form submissions, API requests) can be malicious and implement proper validation.

5. Looking Ahead: What to Expect in 2025

  • More zero-day exploits: Hackers will continue to find new ways to exploit WordPress plugins before patches are available.
  • Increased AI-driven cyberattacks: AI-powered tools will make it easier for attackers to automate exploitation attempts.
  • Stronger security standards: WordPress and third-party plugin developers will need to improve security practices to reduce vulnerabilities.

Fact Checker Results

✔ The listed vulnerabilities are verified and publicly documented in security advisories.
✔ Patchstack and Wordfence confirm the active exploitation of these vulnerabilities.
✔ Security updates have been released for all four vulnerabilities, but the risk remains due to slow adoption.

Website security is an ongoing battle—staying informed and proactive is the best defense against cyber threats.

References:

Reported By: https://www.bleepingcomputer.com/news/security/the-four-wordpress-flaws-hackers-targeted-the-most-in-q1-2025/
Extra Source Hub:
https://www.digitaltrends.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image