Only four plugins with disclosed vulnerabilities this week, none of which remain unpatched! That’s the fewest number of disclosures in a week since I started doing this report. You’ll notice WP Statistics made a repeat appearance after being on last week’s report for a SQL Injection vulnerability. This week’s appearance is due to an Authenticated Cross-Site Scripting vulnerability discovered by Ryan Dewhurst of Dewhurst Security and WPScan.
Other Security News
For those of you running Joomla!, 3.7.3 was released earlier this week on July 4th. Version 3.7.3 addressed three security issues (two Cross-Site Scripting vulnerabilities, and an Information Disclosure vulnerability) and over 230 bug fixes and improvements.
Other WordPress News
There are 80+ bug fixes and enhancements being worked on for version 4.8.1 and is currently scheduled for a late July release. If you don’t have automatic updates enabled, start prepping to update your sites. I meant to mention this last week, but the plugin team announced last week that they are moving to open up plugin reviews to anyone with a wordpress.org account. I haven’t seen the specifics of how they intend this new review process to work, but typically more eye-balls on a problem is better. Hopefully, by having more people involved in the review process, potential security issues will be caught before being made publicly available. I’m also hoping this means that updates to plugins will be reviewed, whereas now, updates to a plugin are not reviewed at all. In addition, they announced that there will be announcements for when a plugin is removed from the repository. Finally! Again, they haven’t released how this will work, or what the announcements will look like, but I’m excited they are moving in this direction.