Blog: Vulnerable WordPress Plugins Report for the Week of May 17, 2019

Vulnerable Plugins

There are nineteen issues this week, with five unfixed.  The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in Ultimate Member discovered by Sucri earlier this week. There was also a Local File Inclusion vulnerability disclosed in Photo Gallery by 10Web that does not appear to be fixed yet (as of the time of this post).

View this week’s vulnerable plugins list.

Again, want to give a giant “thank you” to Pat Lockley for helping me compile this week’s list!

Edit: added one more vulnerability to this week’s list.

Paul Gilzow

Programmer Analyst, University of Missouri@gilzow

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Pat Lockley

Owner, Pgogy webstuff@Pgogy

Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to WordPress