The following plugins represent a significant security threat. We do not allow the installation or use of these plugins for any reason. They are easy targets for hackers, and have known vulnerabilities. These plugins will be proactively removed from your site without confirmation, on our routine scans. We will notify you via a support ticket if we have removed one of these plugins.
WP File Manager
Added Jan-23-21. Threat Level: Critical
This plugin allows anyone with admin access to freely access all files and folders of a website, the WordPress admin dashboard, as well as download and upload files directly into the website. In addition to known vulnerabilities, it can be used to inject malware, trojans and any number of malicious files into an existing website.
WordPress Social Sharing Plugin – Social Warfare
Added Jan-23-21. Threat Level: High
Another plugin with poor-coding and known vulnerabilities. This plugin has been compromised numerous times, leading to hacked websites. Users report numerous bugs and problems with updates.