10 WordPress Vulnerable Plugins You Must Remove Right Now And Their Alternatives


Wordfence recently published a list of abandoned plugins with serious vulnerabilities. As we keep saying, vulnerable WordPress plugins are the most common path attackers use to get into a website.


Wordfence is one of the best WordPress security plugins and tightens your site's security. It recently released a list of vulnerable WordPress plugins that have also been abandoned by their authors.

We thought we would make that list more useful by suggesting a better alternative for each vulnerable plugin, and that is what this post covers.


Abandoned WordPress Plugins Which Are Vulnerable

The plugins covered below are WP PHP Widget, WP Post to PDF, Spreadsheet Plugin, Bookmarkify, Xorbin Digital Flash Clock, Image Metadata Cruncher, FAQs Manager, Easy Banners, The Crawl Rate Tracker, ThinkIT WP Contact Form and Pierre's Wordspew.

*All install counts and version compatibility details were taken when this post was published; for current figures check the corresponding plugin in the WordPress plugin directory.

Why You Should Think Of WordPress Vulnerable Plugins

A WordPress plugin has full access to WordPress itself. It is not a separate program that talks to WordPress: its PHP runs inside the same process as core, with the same database credentials and the same file permissions, so a plugin is effectively part of WordPress and there is no sandbox between them.

When a plugin has a vulnerability, it opens the gate to the whole site, and from there taking the website down, or quietly taking it over, is easy. In most of the hacked WordPress sites we recover, vulnerable plugins and a WordPress core that has not been updated for years are the major causes.

Easy One Click Solution: Update your plugins and core WordPress without losing your customizations and data with our WordPress Core Update Support Service and WordPress Plugin Update Support Service.

Without further delay, let's look at the vulnerable WordPress plugins on Wordfence's list that have been abandoned by their authors, and the alternative for each.

WP PHP Widget


WP PHP Widget is still listed in the WordPress plugin directory. At the time of writing it had not been updated for 7 years, and the last WordPress version it was checked against was 3.0.5.

This plugin adds a widget in which you can place PHP code, HTML and JavaScript as the widget content.


Vulnerability issue: Full path disclosure. An error message from the plugin reveals the absolute filesystem path of your WordPress installation, that is, where your site's files live on the server behind the web root. On its own that gives an attacker nothing, but it is the missing piece for other attacks, such as file inclusion or placing a web shell, that need to know exactly where a file sits on disk.

Alternate Plugin

The alternative to this vulnerable plugin is PHP Code Widget, which also lets you add code as text in your content. Note that, like the original, it runs whatever PHP an editor puts in the widget, so any account allowed to edit widgets effectively has code execution on the server; keep that capability limited to trusted administrators.

It has 200,000+ installs, was last updated 2 years ago, and the last WordPress version it was tested with is 4.7.5.


WP Post to PDF


WP Post to PDF lets you convert posts and pages to PDF in one click. It had almost 1,000 active installs and was last updated nearly 5 years ago. It has been removed from the WordPress plugin directory.

Vulnerability issue: Cross-site scripting (XSS). The plugin lets an attacker inject client-side script into pages viewed by other users. That script runs with the victim's session, so an XSS triggered against a logged-in administrator can be used to bypass access controls and perform administrator actions on their behalf.

Alternate Plugin

DK PDF does the same job, and more effectively than WP Post to PDF. It adds a PDF button to posts, including custom post types.

It has 3,000+ active installs, was last updated 2 months ago, and the latest WordPress version it was tested with is 4.8.1.

Spreadsheet Plugin

This plugin has also been removed from the WordPress plugin directory. It let you add a spreadsheet to your content easily. It had 1,000+ active installs and was also last updated 5 years ago.

Vulnerability issue: This plugin also has a cross-site scripting (XSS) vulnerability.

Alternate Plugin

Inline Google Spreadsheet Viewer lets you share a Google spreadsheet with your readers inside your content using a shortcode. It is more capable than the Spreadsheet plugin.

It also lets you build charts from the spreadsheet with a single shortcode; all you have to do is name the type of chart you want. As of now it has 9,000+ active installs, was last updated 2 weeks ago and is compatible up to WordPress 4.8.1.


Bookmarkify

Bookmarkify is a social media sharing plugin that also lets you put bookmarking links in your posts and pages. It had over 800 active installs and was last updated 7 years ago.

Vulnerability issue: This plugin also has a cross-site scripting (XSS) vulnerability.

Alternate Plugin

WP Social Bookmarking Light inserts social share links at the top or bottom of each post, to help you engage readers and encourage them to share your content.

As of now it has 100,000+ installs and was last updated 4 weeks ago. The latest WordPress compatibility check was against version 4.7.5.

Xorbin Digital Flash Clock


This plugin let you add a clock to your website as a widget or within content. It had over 600 active installs, was last updated 4 years ago, and has been removed from the WordPress directory.

Vulnerability issue: This plugin also has a cross-site scripting (XSS) vulnerability.

Alternate Plugin

CoolClock is a JavaScript analog clock; it only shows an analog clock, not a digital one. You can add it as a widget or within a post using a shortcode, and there are 22 skins to choose from.

At the time of writing this plugin has 6,000+ active installs, was compatibility-checked with version 4.7.5 and was last updated 9 months ago.


Image Metadata Cruncher


This plugin let you set a custom image for the excerpt and metadata of your posts. Even in our link building strategy, images gained us more backlinks, and a custom image in the metadata gives readers a better sense of your content and website when it is shared.

This plugin was last updated 4 years ago and had 500+ active installs.

Vulnerability issue: This plugin also has a cross-site scripting (XSS) vulnerability.

Alternate Plugin

External URL Featured Image lets you choose the featured image shown when your content or page is shared. As of now the plugin has 300+ active installs, was tested up to WordPress 4.7.5 and was last updated 8 months ago.


FAQs Manager


For any website, an FAQ helps users get the basic questions that come to mind when they see a product or service answered. It also helps the support team reduce the number of repeated questions they have to answer.

There are many FAQ plugins to help with this, and pre-made layout options make it easy to set up an FAQ collection. This particular plugin is outdated: it was last updated in 2012, had 400+ active installs, and has now been removed from the WordPress plugin directory.

Vulnerability issue: This plugin has SQL injection, XSS and cross-site request forgery (CSRF) vulnerabilities. SQL injection lets an attacker run their own queries against the site's database, which allows them to spoof identity, tamper with existing data and cause repudiation issues such as voiding transactions or changing balances. On a WordPress site that same database holds every user account and password hash, so SQL injection in any plugin is a full-site compromise.

Alternate Plugin

The Arconix FAQ plugin gives you a stylish FAQ section: an accordion box with neat animation, added with simple shortcodes.

This plugin has 10,000+ active installs, was last updated two weeks ago and is compatible with WordPress version 4.8.1.

Easy Banners


Easy Banners let you make call-to-action banners to collect more leads on your WordPress website. It was last updated 5 years ago and had over 300 active installs.


Vulnerability issue: This plugin also has a cross-site scripting (XSS) vulnerability.

Alternate Plugin

Easy Banners Widget lets you create and add call-to-action banners to the website. If you want popup functionality, try OptinMonster. If you already use a premium email marketing service such as AWeber or Mailchimp, they already provide a drag-and-drop builder and call-to-action forms.

As of now this plugin has 300+ active installs, was last updated one year ago and was compatibility-checked with WordPress 4.5.9. That is itself getting stale, so check the plugin page for recent activity before relying on it.


The Crawl Rate Tracker


The Crawl Rate Tracker gives you a metric of how often search engine bots crawl your WordPress website. It was last updated 6 years ago.

Vulnerability issue: Like FAQs Manager, this plugin has a cross-site request forgery (CSRF) vulnerability. The plugin performs state-changing actions on requests that carry no proof the logged-in user intended them, so a page on another site can trigger those actions in an administrator's browser while they are logged in to WordPress.

Alternate Plugin

RankScanner: Rank Tracking reports all SERPs directly in your WordPress admin area, with detailed statistics, graphs and other data useful for keeping track of your SEO performance.

ThinkIT WP Contact Form


There are numerous trustworthy contact form plugins that receive timely updates and security fixes. ThinkIT WP Contact Form was last updated 3 years ago and has 200+ active installs.

Vulnerability issue: Like FAQs Manager and The Crawl Rate Tracker, this plugin has a cross-site request forgery vulnerability.

Alternate Plugins: As said before, there are numerous plugins that can help you with contact forms. To mention a few: Contact Form 7, WPForms and Ninja Forms.

Pierre’s Wordspew


Pierre's Wordspew is a chat box plugin that lets you chat with your users or visitors. It was last updated 7 years ago and as of now has 700+ active installs.

Vulnerability issue: Just like FAQs Manager, this plugin has an SQL injection vulnerability.

Alternate Plugin

There are plenty of chat plugins to choose from. If you are looking for a professional solution for conversion and sales, go for a premium product such as Intercom, or for more precise results and loads of useful functionality, try Zoho SalesIQ. For casual use you can try a free option such as tawk.to.
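The bug classes named in this list (XSS in WP Post to PDF and the other widget plugins, SQL injection in FAQs Manager and Pierre's Wordspew, CSRF in The Crawl Rate Tracker and ThinkIT WP Contact Form, and the direct-file-access pattern behind full path disclosure in WP PHP Widget) all have recognisable shapes in plugin source. The script below is an added example for this post, not Wordfence's scanner and not code taken from any plugin listed here. It greps a plugin folder for those shapes and demonstrates itself on two constructed sample plugins embedded in the script, one leaky and one written properly. The patterns and sample file names are this example's own; it is a triage aid, not proof either way.

```shell
#!/bin/sh
# Heuristic source triage for the bug classes this post names: XSS, SQL
# injection, CSRF, and the missing ABSPATH guard that lets a plugin file be
# requested directly (the usual route to a full path disclosure).
# Added example for this page, not Wordfence's scanner and not code from any
# listed plugin. A hit means "read this line", never "exploitable", and
# silence does not mean safe.
set -eu

# flag FILE CLASS: turn "lineno:code" lines from grep -n into "FILE:lineno:CLASS".
flag() {
    awk -F: -v f="$1" -v c="$2" '{ print f ":" $1 ":" c }'
}

# scan_plugin_file FILE: print one "FILE:line:CLASS" per suspicious line.
scan_plugin_file() {
    f=$1
    # XSS: request data echoed on a line that uses no WordPress escaping helper.
    grep -nE '(echo|print)[[:space:](].*\$_(GET|POST|REQUEST|COOKIE|SERVER)\[' "$f" \
        | grep -vE 'esc_(html|attr|url|js|textarea)\(|htmlspecialchars\(|wp_kses' \
        | flag "$f" XSS
    # SQLI: a $wpdb query call with a PHP variable inside it and no $wpdb->prepare().
    grep -nE '\$wpdb->(query|get_results|get_var|get_row|get_col)\(.*\$[A-Za-z_]' "$f" \
        | grep -v 'prepare(' \
        | flag "$f" SQLI
    # CSRF: the file consumes $_POST but never verifies a nonce anywhere.
    if grep -qE '\$_POST\[' "$f" && ! grep -qE 'check_admin_referer|check_ajax_referer|wp_verify_nonce' "$f"; then
        grep -m 1 -nE '\$_POST\[' "$f" | flag "$f" CSRF
    fi
    # DIRECT: no ABSPATH guard, so the file runs when requested by URL; with
    # display_errors on, the resulting fatal error prints the absolute install path.
    if ! grep -q 'ABSPATH' "$f"; then
        printf '%s:1:DIRECT\n' "$f"
    fi
}

# scan_plugin_dir DIR: scan every PHP file under DIR in a stable order.
scan_plugin_dir() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r p; do
        scan_plugin_file "$p"
    done
}

# make_samples DIR: write two constructed sample plugins (not real plugin code):
# leaky-widget shows each bad shape, tidy-widget the same logic done properly.
make_samples() {
    mkdir -p "$1/leaky-widget" "$1/tidy-widget"
    cat > "$1/leaky-widget/leaky-widget.php" <<'EOF'
<?php
/* Plugin Name: Leaky Widget (constructed sample) */
function leaky_search() {
    global $wpdb;
    echo '<p>Results for ' . $_GET['q'] . '</p>';
    $rows = $wpdb->get_results("SELECT ID FROM {$wpdb->posts} WHERE post_title LIKE '%$_GET[q]%'");
    if (isset($_POST['delete'])) {
        $wpdb->query("DELETE FROM {$wpdb->posts} WHERE ID = " . $_POST['delete']);
    }
}
EOF
    cat > "$1/tidy-widget/tidy-widget.php" <<'EOF'
<?php
/* Plugin Name: Tidy Widget (constructed sample) */
if ( ! defined( 'ABSPATH' ) ) { exit; }
function tidy_search() {
    global $wpdb;
    $q = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    echo '<p>Results for ' . esc_html( $q ) . '</p>';
    $like = '%' . $wpdb->esc_like( $q ) . '%';
    $rows = $wpdb->get_results( $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_title LIKE %s", $like ) );
    if ( isset( $_POST['delete'] ) ) {
        check_admin_referer( 'tidy_delete' );
        $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->posts} WHERE ID = %d", (int) $_POST['delete'] ) );
    }
}
EOF
}

# triage_demo: build the samples in a temp dir, scan them, and print the
# findings with the temp path stripped so the output is stable.
triage_demo() {
    tmp=$(mktemp -d)
    make_samples "$tmp"
    scan_plugin_dir "$tmp" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

# Usage: sh triage.sh /path/to/wp-content/plugins   or   sh triage.sh --demo
if [ "${1:-}" = "--demo" ]; then
    triage_demo
elif [ -n "${1:-}" ]; then
    scan_plugin_dir "$1"
fi
```

Run with `--demo` and only the leaky sample is reported: one XSS line, two SQLI lines, the first `$_POST` use as CSRF, and line 1 as DIRECT; the tidy sample, which escapes output, uses `$wpdb->prepare()`, checks a nonce and guards on `ABSPATH`, produces nothing. Pointing it at a real `wp-content/plugins` folder will produce noise (a `$wpdb` query built from trusted variables still trips the SQLI rule), so read each hit in context before concluding anything.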


Replace WordPress Vulnerable Plugins

As you can see, most of these vulnerable plugins have already been removed from the WordPress plugin directory. That also means they will never be fixed: a plugin that is no longer in the directory shows no update notice in your dashboard, so the only remedy is to remove it. If you are one of the few users still running any of them, replace it with one of the alternatives above.
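To check your own site against this list, the script below (an added example for this post, not code from Wordfence or from this site) reads the Plugin Name header from each folder under wp-content/plugins the way WordPress does and prints the folder names whose header matches one of the eleven names above, exactly as this post writes them. That matching rule is an assumption: some of these plugins may spell their header name differently, so treat a miss as "check by hand" rather than "clean". It demonstrates itself on a constructed plugins folder.

```shell
#!/bin/sh
# Inventory check: which folders under wp-content/plugins carry a Plugin Name
# header matching one of the abandoned plugins listed in this post.
# Added example for this page; not Wordfence's code or this site's. Matching
# is by the names as written in the post (assumption: directory listings may
# spell some of them differently) and case-insensitive.
set -eu

ABANDONED="WP PHP Widget
WP Post to PDF
Spreadsheet Plugin
Bookmarkify
Xorbin Digital Flash Clock
Image Metadata Cruncher
FAQs Manager
Easy Banners
The Crawl Rate Tracker
ThinkIT WP Contact Form
Pierre's Wordspew"

# plugin_name FILE: the "Plugin Name:" header value from the first 8 KB of a
# PHP file, which is where WordPress itself reads it; empty if absent.
plugin_name() {
    head -c 8192 "$1" | awk '
        /^[ \t*]*Plugin Name:/ {
            sub(/^[ \t*]*Plugin Name:[ \t]*/, "")
            sub(/[ \t\r]*$/, "")
            print
            exit
        }'
}

# list_installed DIR: one "slug<TAB>name" line per plugin, covering plugin
# folders and single-file plugins such as hello.php.
list_installed() {
    for p in "$1"/*; do
        if [ -d "$p" ]; then
            for f in "$p"/*.php; do
                [ -f "$f" ] || continue
                name=$(plugin_name "$f")
                if [ -n "$name" ]; then
                    printf '%s\t%s\n' "$(basename "$p")" "$name"
                    break
                fi
            done
        elif [ -f "$p" ] && [ "${p%.php}" != "$p" ]; then
            name=$(plugin_name "$p")
            if [ -n "$name" ]; then
                printf '%s\t%s\n' "$(basename "$p" .php)" "$name"
            fi
        fi
    done
}

# find_abandoned DIR: slugs whose header name is on the list (case-insensitive).
find_abandoned() {
    lower_list=$(printf '%s\n' "$ABANDONED" | tr '[:upper:]' '[:lower:]')
    list_installed "$1" | while IFS="$(printf '\t')" read -r slug name; do
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if printf '%s\n' "$lower_list" | grep -qxF -- "$lname"; then
            printf '%s\n' "$slug"
        fi
    done
}

# inventory_demo: a constructed plugins folder (not a real site) holding two
# abandoned plugins, one safe alternative and a single-file plugin.
inventory_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wp-post-to-pdf" "$tmp/dk-pdf" "$tmp/wp-php-widget"
    printf '<?php\n/*\nPlugin Name: WP Post to PDF\nVersion: 1.0\n*/\n' > "$tmp/wp-post-to-pdf/wp-post-to-pdf.php"
    printf '<?php\n/**\n * Plugin Name: DK PDF\n */\n' > "$tmp/dk-pdf/dk-pdf.php"
    printf '<?php\n/*\nPlugin Name:  wp php widget  \n*/\n' > "$tmp/wp-php-widget/wp-php-widget.php"
    printf '<?php\n/*\nPlugin Name: Hello Dolly\n*/\n' > "$tmp/hello.php"
    find_abandoned "$tmp"
    rm -rf "$tmp"
}

# Usage: sh check-abandoned.sh /var/www/html/wp-content/plugins   (or --demo)
if [ "${1:-}" = "--demo" ]; then
    inventory_demo
elif [ -n "${1:-}" ]; then
    find_abandoned "$1"
fi
```

The demo prints `wp-php-widget` and `wp-post-to-pdf` and nothing for DK PDF or Hello Dolly. On a real site, take a backup first, then for each slug printed run `wp plugin deactivate <slug>` followed by `wp plugin delete <slug>` with WP-CLI (or deactivate and delete from the Plugins screen), and install the alternative named above.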

What are your thoughts on abandoned WordPress plugins that became vulnerable over time? Share them in the comments. Happy website!!
