Vulnerable Plugins
Seven disclosures since last week, with three issues unfixed.
View this week's vulnerable plugins list.
Other WordPress News
WordPress core announced on Tuesday that version 4.9.3 will be delayed until Monday, February 5th. So now you know what you're doing on Monday. ;)
Other Security News
Also on Tuesday, Cisco disclosed a vulnerability in the Firefox browser that could allow a remote attacker to execute arbitrary code on the user's machine with the privileges of the user. Affected versions include v56.0.0 - 56.0.2, v57.0.0 - 57.0.4, and v58.0.0. Version 58.0.1 has been released to address the issue. The default in Firefox is to perform auto-updates, but if you've disabled those, or if you haven't launched it in a while, make sure you are up to date.
I recently came across Burp WP, a WordPress scanning plugin for Burp Suite. It's similar to WPScan, and uses the WPScan Vulnerability Database as its source of vulnerabilities. If you already use Burp for vulnerability scanning, then it's nice to be able to include Burp WP to deep-dive into a WordPress site, without having to run WPScan separately. I'll be installing it on Monday to give it a test shortly after updating my sites to WordPress 4.9.3.