WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Sg Security safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Sg Security WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: sg-security
  • Requires PHP: 7.0+
  • Max supported PHP (analyzed): <8.0

Known vulnerabilities

  • Security Optimizer &#8211; The All-In-One Protection Plugin [sg-security] < 1.2.6 [CVE-2022-0993, WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability, SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass, SiteGround Security &lt; 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes]
  • Security Optimizer &#8211; The All-In-One Protection Plugin [sg-security] < 1.2.6 [CVE-2022-0992, WordPress SiteGround Security plugin <= 1.2.5 - Authentication Bypass via 2-Factor Authentication Setup vulnerability, SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup, SiteGround Security &lt; 1.2.6 - Authentication Bypass via 2-FA Authentication Setup]
  • Security Optimizer &#8211; The All-In-One Protection Plugin [sg-security] < 1.3.1 [CVE-2023-0234, WordPress SiteGround Security Plugin < 1.3.1 is vulnerable to SQL Injection, SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection, SiteGround Security &lt; 1.3.1 - Admin+ SQLi]
  • Security Optimizer &#8211; The All-In-One Protection Plugin [sg-security] < 1.5.1 [CVE-2024-38774, WordPress SiteGround Security Plugin <= 1.5.0 is vulnerable to Broken Access Control, Security Optimizer – The All-In-One Protection Plugin <= 1.5.0 - Missing Authorization via hide_notice()]
  • Security Optimizer &#8211; The All-In-One Protection Plugin [sg-security] < 1.5.9 [CVE-2025-66121, SiteGround Security <= 1.5.8 - Missing Authorization]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.