Blog: Vulnerable WordPress Plugins Report for the Weeks of July 27 through August 10, 2018

Vulnerable Plugins

Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin that has been patched with version 2.0.23.

View this week’s vulnerable plugins list.

An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin as quickly as possible. pluginvulnerabilities has a good write-up on the specifics of the vulnerable code. If you are unable to patch, the issue can be partially mitigated by either preventing image uploading through the plugin (as described in the pluginvulnerabilities write-up) or by blocking PHP execution in the uploads directory (which you should be doing anyway).
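A check to pair with the uploads-directory mitigation, as an added example that is not part of the original post: this Python script walks an uploads directory and lists files that a PHP handler could execute or that contain a PHP open tag. The extension list, the function names and the sample tree are assumptions constructed for illustration; adjust the extensions to what your web server actually maps to PHP.

```python
import os
import re
import tempfile

# Assumption: extensions commonly mapped to the PHP handler. The trailing
# (\.|$) also catches double extensions such as "banner.php.jpg".
PHP_EXT = re.compile(r"\.(php\d?|phtml|pht|phar)(\.|$)", re.IGNORECASE)

def find_php_in_uploads(uploads_dir):
    """Return sorted (relative_path, reason) pairs for suspicious files."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            reason = None
            if PHP_EXT.search(name):
                reason = "php-extension"
            else:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(4096)  # only the start of the file is inspected
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if b"<?php" in head.lower():
                    reason = "php-open-tag"
            if reason:
                hits.append((os.path.relpath(path, uploads_dir), reason))
    return sorted(hits)

def demo():
    """Build a constructed uploads tree in a temp directory and scan it."""
    samples = {
        "2018/08/photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes",
        "2018/08/avatar.php": b"<?php /* constructed sample */ ?>",
        "2018/08/banner.php.jpg": b"constructed",
        "2018/08/logo.png": b"\x89PNG constructed <?php /* tag in image */ ?>",
    }
    with tempfile.TemporaryDirectory() as d:
        for rel, data in samples.items():
            path = os.path.join(d, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_php_in_uploads(d)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:14} {rel}")
```

Run `find_php_in_uploads()` against the real uploads path on a schedule; any hit in a directory that should only hold media is worth investigating.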


Paul Gilzow

Programmer Analyst, University of Missouri (@gilzow)

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
