Vulnerable Plugins

Eleven disclosures since last week, with one critical unfixed. KingComposer has an Arbitrary File Upload vulnerability in its current version. You should remove the plugin until the author has fixed the issue.

View this week’s vulnerable plugins list.

Other WordPress News

Version 4.9.6 of WordPress was released yesterday.  While many (myself included) assumed this was going to be a maintenance release based on its version number, it’s much closer to a feature release than a maintenance release.  For now it’s appearing as an update in the dashboard and is not autoupdating (at least not on any of the sites I’ve seen).  This is good since you will want to ensure that none of the newly added features break your current configuration. However, from what I understand, the core team will eventually enable this release for autoupdates, so if you are worried about it breaking your site, you’ll need to begin testing sooner rather than later.

Other Security News

Paul Gilzow

Programmer Analyst, University of Missouri | @gilzow | http://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
