TrustedWeb Weekly Scan Report — April 11, 2026

Week of April 6 — April 11, 2026

TrustedWeb scanned 54 websites this week. Here’s what we found.

This Week at a Glance

54
Websites Scanned
32
With Vulnerable Plugins
15
Missing Security Headers
7
Without Valid SSL
5
Flagged for Malware
37
Average Trust Score

Top 5 Security Problems This Week

  1. 32 websites had outdated or vulnerable plugins — This remains the #1 security issue we see. Outdated plugins are the primary attack vector for WordPress sites.
  2. 15 websites were missing security headers — Headers like HSTS, CSP, and X-Frame-Options are quick to add but often overlooked.
  3. 7 websites had SSL issues — Expired certificates, mixed content, or no HTTPS at all.
  4. 5 websites showed signs of malware — Including blacklist presence, suspicious scripts, or known malware signatures.
  5. Average trust score was 37/100 — Most websites have significant room for improvement.

New Plugin Vulnerabilities This Week

  • Aimogen Pro — Critical (CVE-2026-4038)
  • Kali Forms — Critical (CVE-2026-3584)
  • Tutor LMS Pro — Critical (CVE-2026-0953)
  • Before — Critical (CVE-2026-2631)
  • Woocommerce — Critical (CVE-2026-3891)

What This Means for You

If you haven’t scanned your website recently, now is a good time. New vulnerabilities are discovered weekly, and attackers actively scan for unpatched sites.

A single unpatched plugin can give attackers access to your entire website — including customer data, admin credentials, and the ability to inject malware.

Is Your Website Secure?

Run a free security scan to check for vulnerabilities, missing headers, SSL issues, and more.

Scan Your Website Free

Improve Your Score

The easiest wins for most websites:

  1. Update all plugins and themes
  2. Add security headers (takes 5 minutes)
  3. Ensure SSL is properly configured
  4. Remove unused plugins
  5. Set up automated monitoring

This is an automated weekly report generated from TrustedWeb’s scan data. For personalized recommendations, scan your specific website.