Blog: Vulnerable WordPress Plugins Report for the Week of February 1, 2019

Vulnerable Plugins

Twelve disclosures since last week, with four issues unfixed. The most serious is an Arbitrary File Upload vulnerability in the plugin Slider by 10Web. It appears that the developer is trying to fix the issue, but as of right now (2:00PM CST) it remains unavailable in the public repository. You are encouraged to remove the plugin until the developer is able to correct the issue.

View this week’s vulnerable plugins list.

Other WordPress Security News

WordPress 5.1 Beta 3 was released yesterday.  Due to growing security concerns, the White-Screen-of-Death protection has been removed and is now slated for inclusion in version 5.2. Version 5.1 is still scheduled for release on February 21st.

Paul Gilzow

Programmer Analyst, University of Missouri@gilzow

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to WordPress