From our Community Blog:

Vulnerable WordPress Plugins Report for the Weeks of July 27 through August 10, 2018


Vulnerable Plugins

Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin, which has been patched in version 2.0.23.

View this week's vulnerable plugins list.

An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin as quickly as possible. PluginVulnerabilities.com has a good write-up on the specifics of the vulnerable code. If you are unable to patch, the issue can be partially mitigated by either preventing image uploading through the plugin (as described in the PluginVulnerabilities.com write-up) or by blocking PHP execution in the uploads directory (which you should be doing anyway).
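One way to apply and check the second mitigation, as an added example that is not from the original post or the plugin's authors. It assumes Apache 2.4 with `.htaccess` overrides enabled and the default `wp-content/uploads` location; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and harden a WordPress uploads directory.
# Assumption: Apache 2.4 with AllowOverride permitting .htaccess here.

# List files under the uploads directory with extensions that a PHP handler
# commonly executes. Uploads should hold media only, so review every hit.
list_executable_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print
}

# Write an .htaccess that refuses direct requests for PHP-like files.
write_uploads_htaccess() {
    cat > "$1/.htaccess" <<'EOF'
# Deny direct requests for PHP-like files in uploads (Apache 2.4 syntax)
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)$">
    Require all denied
</FilesMatch>
EOF
}

# Succeed only if the deny rule is present in the directory's .htaccess.
uploads_hardened() {
    [ -f "$1/.htaccess" ] && grep -q 'Require all denied' "$1/.htaccess"
}

# Run only when a directory is given, e.g.:
#   sh harden-uploads.sh /var/www/html/wp-content/uploads   (assumed path)
if [ "$#" -gt 0 ]; then
    echo "PHP-like files already present in $1:"
    list_executable_uploads "$1"
    uploads_hardened "$1" || write_uploads_htaccess "$1"
    uploads_hardened "$1" && echo "Deny rule in place: $1/.htaccess"
fi
```

Because the web server user can write to the uploads directory, the same `FilesMatch` block placed in a `<Directory>` section of the server configuration is harder to tamper with than an `.htaccess` file inside it.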

 
