Blog: Vulnerable WordPress Plugins Report for the Week of August 24, 2018

Vulnerable Plugins

Five disclosures since last week, with four issues unfixed, the most serious being an unfixed CSV Injection vulnerability in Ninja Forms.

View this week’s vulnerable plugins list.

Other Security News

phpMyAdmin released a patch earlier this week that addresses an authenticated, stored cross-site scripting issue.  Similarly, the Apache Foundation released a critical patch earlier this week for the Struts framework (yes, the same one that was used last year to breach Equifax) that addresses a remote code execution vulnerability.

Paul Gilzow

Programmer Analyst, University of Missouri@gilzow

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to WordPress