Blog: Vulnerable WordPress Plugins Report for the week of July 7, 2017

Vulnerable Plugins

Only four plugins with disclosed vulnerabilities this week, and none of them remain unpatched! That’s the fewest disclosures in a week since I started doing this report. You’ll notice WP Statistics made a repeat appearance after being on last week’s report for a SQL Injection vulnerability. This week’s appearance is due to an Authenticated Cross-Site Scripting vulnerability discovered by Ryan Dewhurst of Dewhurst Security and WPScan. “Authenticated” means an attacker needs a logged-in account on the site to trigger it, which lowers the exposure compared to an unauthenticated flaw, but a fix is available, so update anyway.

View this week’s vulnerable plugins list

Other Security News

For those of you running Joomla!, 3.7.3 was released earlier this week, on July 4th. It addresses three security issues (two Cross-Site Scripting vulnerabilities and an Information Disclosure vulnerability) along with over 230 bug fixes and improvements.

Other WordPress News

There are 80+ bug fixes and enhancements being worked on for WordPress 4.8.1, which is currently scheduled for a late July release. If you don’t have automatic updates enabled, start prepping to update your sites.

I meant to mention this last week, but the plugin team announced that they are moving to open up plugin reviews to anyone with a wordpress.org account. I haven’t seen the specifics of how they intend this new review process to work, but typically more eyeballs on a problem is better. Hopefully, by having more people involved in the review process, potential security issues will be caught before a plugin is made publicly available. I’m also hoping this means that updates to plugins will be reviewed, whereas now updates to a plugin are not reviewed at all. In addition, they announced that there will be announcements when a plugin is removed from the repository. Finally! Again, they haven’t released how this will work or what the announcements will look like, but I’m excited they are moving in this direction.

Paul Gilzow

Programmer Analyst, University of Missouri | @gilzow | http://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
