Blog: Vulnerable WordPress Plugins Report for the Weeks of July 9 through July 20, 2018

Vulnerable Plugins

Eight disclosures over the last two week, with five issues unfixed, one critical. An authenticated arbitrary file upload vulnerability has been identified in the MapSVGLite plugin that remains unfixed. You should remove the plugin as soon as possible until the issue has been resolved.

View this week’s vulnerable plugins list.

Other WordPress News

The second beta for WordPress version 4.9.8 is available. The final release for 4.9.8 is still scheduled for July 31 so begin making plans to get it into your Change Management schedule.

Other Security News

Multiple vulnerabilities were patched, including a potential Remote Code Execution, in the latest updates from Gitlab. The updates cover version 11.0, 10.8 and 10.7 of the Community Edition and Enterprise Edition.

 

Paul Gilzow

Programmer Analyst, University of Missouri@gilzowhttp://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Leave a Reply

Your email address will not be published. Required fields are marked *