K2's Security Spotlight: Add-ins For WordPress

WordPress is a popular tool for creating and working with websites. In fact, many estimates show that WordPress is the most commonly used content management system on the web. To illustrate, the team at K2 Enterprises uses WordPress to maintain its website, and it is likely that your organization uses WordPress to manage the content on its website as well.

The threats associated with WordPress add-ins

Like all technology platforms, WordPress requires its users to pay attention to security and privacy. Common threats to WordPress-maintained sites include stolen or guessed passwords, attacks on the site's database, and brute-force login attacks. However, another threat endangers your site in a way that you and your team may not have considered. Specifically, WordPress-maintained sites are under attack through weaknesses in the add-ins (WordPress calls them plugins) that are installed to supplement WordPress' functionality. Each plugin runs with the same access to the site and its database as WordPress itself, so a flaw in one plugin is a flaw in the whole site.

Many WordPress users install add-ins to enhance their websites. Examples of these tools include Elementor, Formidable, and Yoast. Each of these adds options and features that are not otherwise available in WordPress. Unfortunately, some WordPress add-ins have security flaws that can make your website vulnerable, and because plugins are written by many different third parties, their code is not reviewed or patched on the same schedule as WordPress itself.

An example of an add-in threat

As an example, the SANS Institute recently reported that the popular add-in "Total Donations" has a critical security flaw. More specifically, this zero-day vulnerability could allow bad actors to gain administrative access to your website and steal money collected through the add-in. The recommended course of action is to remove Total Donations from your instance of WordPress. Note that deactivating a plugin is not the same as removing it: deactivation leaves the plugin's files on the server, so delete the plugin as well. If you are not sure which plugins a site has installed, start with an inventory of the wp-content/plugins directory (or the Plugins page in the WordPress dashboard) before deciding what to remove.
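The inventory step above, as an added example that is not part of the original K2 article and is not code from WordPress, SANS, or the Total Donations plugin. It parses the standard header comment WordPress reads from each plugin's main PHP file (Plugin Name, Version, and so on), lists what is installed, and flags anything whose name matches a remove list. The plugin files it scans are constructed inline for the example, with made-up version numbers, and the assumption that Total Donations lives in a directory named total-donations is just that, an assumption.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Header fields WordPress reads from the comment block at the top of a
# plugin's main PHP file. Other fields exist; these are enough for an inventory.
HEADER_FIELDS = ("Plugin Name", "Plugin URI", "Version", "Author")

# Plugin names the article says to remove, compared case-insensitively against
# the "Plugin Name" header. Constructed for this example; extend as needed.
REMOVE_LIST = {"total donations"}

# A constructed wp-content/plugins tree (versions and file names are made up):
#  - index.php is the empty placeholder WordPress ships; it has no header.
#  - hello.php is a single-file plugin.
#  - site-forms/ keeps a readme.txt beside its PHP file, which must be ignored.
#  - total-donations/ is the plugin the article says to remove (slug assumed).
SAMPLE_PLUGINS = {
    "index.php": "<?php\n// Silence is golden.\n",
    "hello.php": "<?php\n/**\n * Plugin Name: Hello Dolly\n * Version: 1.0.0\n */\n",
    "site-forms/readme.txt": "=== Site Forms ===\nPlugin Name: not a header\n",
    "site-forms/site-forms.php": "<?php\n/*\nPlugin Name: Site Forms\nVersion: 2.3.1\nAuthor: Example Author\n*/\n",
    "total-donations/total-donations.php": "<?php\n/*\nPlugin Name: Total Donations\nVersion: 9.9.9\n*/\n",
}


def parse_plugin_header(php_source: str) -> Dict[str, str]:
    """Extract header fields the way WordPress does: look only at the first
    8 KB of the file and accept a comment prefix ( , *, /, #, @) before the
    field name. A trailing '*/' on the same line is stripped."""
    head = php_source[:8192]
    fields = {}
    for name in HEADER_FIELDS:
        pattern = r"^[ \t/*#@]*" + re.escape(name) + r":(.*)$"
        match = re.search(pattern, head, re.MULTILINE | re.IGNORECASE)
        if match:
            fields[name] = match.group(1).strip().rstrip("*/").strip()
    return fields


def inventory_plugins(plugins_dir: Path) -> List[Dict[str, str]]:
    """One record per installed plugin. A plugin is either a single .php file
    in plugins_dir or a directory whose top-level .php file carries a header;
    files without a Plugin Name header (such as index.php) are skipped."""
    found = []
    for entry in sorted(plugins_dir.iterdir()):
        if entry.is_dir():
            candidates = sorted(entry.glob("*.php"))   # top level only, as WordPress does
            slug = entry.name
        elif entry.suffix == ".php":
            candidates = [entry]
            slug = entry.stem
        else:
            continue
        for php in candidates:
            header = parse_plugin_header(php.read_text(errors="replace"))
            if "Plugin Name" in header:
                found.append({"slug": slug, "file": str(php.relative_to(plugins_dir)), **header})
                break  # the first file with a header is the plugin's main file
    return found


def flag_for_removal(plugins: List[Dict[str, str]], remove_list=REMOVE_LIST) -> List[Dict[str, str]]:
    """Return the inventory records whose Plugin Name is on the remove list."""
    return [p for p in plugins if p["Plugin Name"].lower() in remove_list]


def build_sample_tree(root: Path) -> Path:
    """Write the constructed plugin files under root/wp-content/plugins."""
    plugins_dir = root / "wp-content" / "plugins"
    for rel, src in SAMPLE_PLUGINS.items():
        path = plugins_dir / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(src)
    return plugins_dir


def demo() -> List[str]:
    """Run the inventory against the constructed tree; return flagged slugs."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins_dir = build_sample_tree(Path(tmp))
        plugins = inventory_plugins(plugins_dir)
        for p in plugins:
            print(f"{p['slug']:<18} {p.get('Version', '?'):<8} {p['Plugin Name']}")
        flagged = flag_for_removal(plugins)
        for p in flagged:
            print(f"REMOVE: {p['slug']} ({p['file']})")
        return [p["slug"] for p in flagged]


if __name__ == "__main__":
    demo()
```

On a real site, point inventory_plugins at the site's wp-content/plugins directory. Once a plugin is flagged, remove it rather than merely deactivating it; with WP-CLI that is `wp plugin deactivate <slug>` followed by `wp plugin delete <slug>`, using the slug the inventory printed.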


Threats such as the one found in Total Donations are yet another example of how cybercriminals use technology for illicit and illegal activities. Further, these types of issues reinforce the need to keep an inventory of the add-ins your site depends on, to keep them updated, and to stay abreast of the threats that appear daily.

Websites such as www.sans.org and www.threatpost.com are excellent resources for you and your team to use to minimize this risk.