Blog: Vulnerable WordPress Plugins Report for the Weeks of February 22 through March 1, 2019

Vulnerable Plugins

Seventeen disclosures since last week, with four issues unfixed.

View this week’s vulnerable plugins list.

We’re likely to see many more plugins updated over the next week as Freemius, a freemium framework used in thousands of plugins and themes, recently patched an authenticated options updated vulnerability. They attempted to give developers some time to patch the SDK in their plugins/themes, but those efforts were thwarted. Be on the lookout for updates from any of your plugins/themes that use this framework. If you’re unsure which one of your plugins/themes use it, check the plugin/theme source for a directory named “freemius”.

Other Security News

You might want to destroy that old Internet-of-Things device instead of throwing it out.  A recent tear-down of a Lifx SmartBulb discovered that not only was it storing the WiFi credentials in plaintext, the device had no security in place at all.

Paul Gilzow

Programmer Analyst, University of Missouri@gilzowhttp://missouri.edu/

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Leave a Reply

Your email address will not be published. Required fields are marked *