Even this month, Akismet, Jetpack, and Ninja Forms have been added to the official list of vulnerabilities on WPScan.
Interestingly, Akismet was developed to combat comment spam!
However, this doesn’t mean that these plugins should be immediately removed; they are undoubtedly being updated by the developers.
Make sure you are running an updated version of the plugin.
What can you do about it?
It’s not practical to check the plugin list every day to see if the plugins you use might have vulnerabilities.
Here are some steps you can take:
- Minimize the number of plugins you use.
- Keep your plugins updated.
- Install a security plugin.
You should take these steps before your website gets hacked.
Updating a plugin via the WordPress updater doesn’t guarantee that a site that ran a vulnerable version of that plugin is immediately free of malware.
If your website is already sending spam due to a vulnerable plugin
You’ll need to check the entire WordPress website on the server for spam files. Malicious files of this kind are often planted in several different locations.
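One way to start that check, as an added example that is not part of the original article: a Python script that walks the site directory and flags PHP files under wp-content/uploads and PHP files containing an eval-of-decoded-data pattern. Both heuristics, the function names and the sample tree are assumptions made for illustration, and an empty result does not prove the site is clean.

```python
import os
import re
import tempfile
from pathlib import Path

# Heuristics are assumptions for this example, not rules from the article.
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}
OBFUSCATED = re.compile(
    rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_wordpress(root):
    """Return sorted (relative_path, reason) findings for PHP files under root."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            if path.suffix.lower() not in PHP_EXT:
                continue
            rel = path.relative_to(root).as_posix()
            # Uploads should hold media, so any PHP file there needs review.
            if rel.startswith("wp-content/uploads/"):
                findings.append((rel, "php-in-uploads"))
            try:
                if OBFUSCATED.search(path.read_bytes()):
                    findings.append((rel, "obfuscated-eval"))
            except OSError:
                # A file the scan cannot read is reported, not silently skipped.
                findings.append((rel, "unreadable"))
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample tree (not real site data) and return root."""
    files = {
        "wp-content/plugins/example/example.php": b"<?php // plugin code",
        "wp-content/uploads/2024/01/photo.jpg": b"\xff\xd8\xff",
        "wp-content/uploads/2024/01/cache.php": b"<?php echo 'x';",
        "wp-content/themes/example/footer.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));",
    }
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_wordpress(build_sample_site(tmp)):
            print(f"{reason}\t{rel}")
```

To scan a real installation, call scan_wordpress() with the path to the WordPress directory and review each flagged file by hand before deleting anything.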
Get your WordPress website restored and secured if you suspect it has been hacked or is sending spam!