Blog: Vulnerable WordPress Plugins Report for the Week of March 15, 2019

Vulnerable Plugins

There are eleven items on the list this week, with three unfixed. The most critical this week are the Sensitive Information Disclosure/Authenticated Arbitrary File Read vulnerability in Caldera Forms Pro, and the Privilege Escalation vulnerability in SiteGround Optimizer. Both issues were discovered by Sucuri.

View this week’s vulnerable plugins list.

Other WordPress Security News

Earlier this week, WordPress released version 5.1.1 (and similar updates for branches all the way back to 3.7), which contained a crucial security update related to a stored cross-site scripting vulnerability in the comments. Simon Scannell from RIPSTech discovered the issue and has provided a detailed explanation of it. If you have not already done so, you need to update your WordPress instances immediately.

Other News

WordPress now officially powers one-third of the web (33.4% to be precise).

If you happen to be a Drupaler in the Midwest, David Needham and I will be speaking at MidCamp 2019 (Midwest Drupal Camp) in Chicago and would love to chat.

Last, I want to extend a “Thank you” to Pat from Pgogy Webstuff for helping out with this week’s list!

Paul Gilzow

Programmer Analyst, University of Missouri | @gilzow | http://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.
