Vulnerable Plugins

Seven disclosures since last week, with three issues unfixed.

View this week’s vulnerable plugins list.

Other WordPress News

WordPress core announced on Tuesday that version 4.9.3 will be delayed until Monday, February 5th. So now you know what you’re doing on Monday. 😉

Other Security News

Also on Tuesday, Cisco disclosed a vulnerability in the Firefox browser that could allow a remote attacker to execute arbitrary code on the user’s machine with the privileges of the user. Affected versions include v56.0.0 – 56.0.2, v57.0.0 – 57.0.4, and v58.0.0. Version 58.0.1 has been released to address the issue. The default in Firefox is to perform auto-updates, but if you’ve disabled those, or if you haven’t launched it in a while, make sure you are up-to-date.

I recently came across Burp WP, a WordPress scanning plugin for Burp Suite. It’s similar to WPScan, and uses the WPScan Vulnerability Database as its source of vulnerabilities. If you already use Burp for vulnerability scanning, then it’s nice to be able to include Burp WP to deep-dive into a WordPress site, without having to run WPScan separately. I’ll be installing it on Monday to give it a test shortly after updating my sites to WordPress 4.9.3.

Paul Gilzow

Programmer Analyst, University of Missouri | @gilzow | http://missouri.edu/
Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
