There are 2 main reasons developers issue plugin updates:
2) Improvements / new features
Take security for example. Recently, I have seen a couple of potentially serious vulnerability issues affecting popular plugins:
The first was discovered in plugin called WP Database Backup (which according to wordpress .org, has over 70,000 active users). If exploited, the flaw could lead to FULL SITE TAKEOVER by attackers.
The second was in a premium (paid for) plugin called Convert Plus for wordpress. There was a critical vulnerability which allowed hackers to create a user with ADMIN rights. Bear in mind, anyone with Admin rights can remove other users (yes, YOU) and make fundamental changes to your website.
So please, make the time to check for updates on a regular basis, or hire someone to do this for you.
If you use a security plugin like wordfence (the free version is great) it can send you an email notification when any plugin updates need doing.
Don’t make the mistake of thinking ‘my site is too small’ to get hacked – in the world of the internet size doesn’t matter as most of the hackers take the form of automated bots. Here are a few stats which may help you understand the risk involved:
- Over 30,000 websites get hacked every day
- There is an attack of some kind happening on the web every 39 seconds
- Hackers generate around 300,000 new pieces of malware every day.