Nine disclosures since last week, with four issues unfixed. Additionally, Ninja Forms has released version 3.3.14 which addresses the CSV Injection vulnerability disclosed last week.
View this week’s vulnerable plugins list.
Other Security News
Joomla! released version 3.8.12 which addressed three security issues: potential file upload vulnerability, store cross-site scripting vulnerability, and an ACL Violation in custom fields.
Packagist, the PHP ecosystem’s largest package repository, patched a critical Remote Code Execution on their website.