Seventeen disclosures since last week, with four issues unfixed.
We’re likely to see many more plugins updated over the next week as Freemius, a freemium framework used in thousands of plugins and themes, recently patched an authenticated options updated vulnerability. They attempted to give developers some time to patch the SDK in their plugins/themes, but those efforts were thwarted. Be on the lookout for updates from any of your plugins/themes that use this framework. If you’re unsure which one of your plugins/themes use it, check the plugin/theme source for a directory named “freemius”.
Other Security News
You might want to destroy that old Internet-of-Things device instead of throwing it out. A recent tear-down of a Lifx SmartBulb discovered that not only was it storing the WiFi credentials in plaintext, the device had no security in place at all.