Vulnerable Plugins

Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin that has been patched with version 2.0.23.

View this week’s vulnerable plugins list.

An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin as quickly as possible. PluginVulnerabilities.com has a good write-up on the specifics of the vulnerable code. If you are unable to patch, the issue can be partially mitigated by either preventing image uploading through the plugin (as described in the PluginVulnerabilities.com write-up) or by blocking PHP execution in the uploads directory (which you should be doing anyway).
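One way to apply and check the second mitigation, as an added example that is not from the original post or the PluginVulnerabilities.com write-up. It assumes Apache 2.4 honoring `.htaccess` in the uploads directory; the function names and the marker comment are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Apache 2.4 honoring .htaccess (AllowOverride) for the
# uploads directory; other web servers need their own equivalent rule.

MARKER='# block-php-in-uploads'   # hypothetical marker, keeps the edit idempotent

# Print files under $1 whose names end in an extension PHP handlers commonly
# execute. Media uploads are never PHP, so every hit deserves review.
find_php_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# Append a deny rule for those extensions to $1/.htaccess, at most once.
harden_uploads() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    if [ -f "$1/.htaccess" ] && grep -qF "$MARKER" "$1/.htaccess"; then
        return 0
    fi
    {
        printf '%s\n' "$MARKER"
        cat <<'EOF'
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
    } >> "$1/.htaccess"
}

if [ "$#" -gt 0 ]; then
    # Usage: sh harden-uploads.sh /path/to/wp-content/uploads
    harden_uploads "$1" && find_php_uploads "$1"
else
    # No argument: run against a constructed temporary tree (sample data).
    demo=$(mktemp -d)
    mkdir -p "$demo/2018/08"
    : > "$demo/2018/08/photo.jpg"
    : > "$demo/2018/08/avatar.PHP"
    harden_uploads "$demo" && find_php_uploads "$demo"
    rm -rf "$demo"
fi
```

The rule only stops Apache from serving those files; anything `find_php_uploads` lists is still on disk and should be inspected.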

 

Paul Gilzow

Programmer Analyst, University of Missouri | @gilzow | http://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
