Blog: Vulnerable WordPress Plugins Report for the Weeks of June 22 through July 8, 2018

Vulnerable Plugins

Ten disclosures over the last two weeks, with three issues unfixed.

View this week’s vulnerable plugins list.

Other WordPress Security News

The big news last week and into this week was the disclosure of an unpatched arbitrary file deletion vulnerability in WordPress core. Luckily, exploiting the vulnerability required a user to have the ability to edit attachments (usually the Author role or greater), which prevented the issue from being more widespread. In addition, Wordfence discovered a second location where this same issue was exploitable. WordPress has since released version 4.9.7, which fixes this issue in both locations. If you haven’t already, make sure to get this update into your change management cycle as soon as possible.

Other News

We are one week away from WPCampus 2018 in beautiful St. Louis, MO! If you aren’t able to join us this year, no worries! You can watch the live stream for free! We’ve got some fantastic presenters this year (including yours truly), so gather other WordPress users on your campus and have a viewing party! If you are joining us, I hope to see you at my session!

This also means that I will not be doing a report next Friday; I’ll try to get it out on the next Monday.

Paul Gilzow

Programmer Analyst, University of Missouri | @gilzow | http://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
