Blog: Vulnerable WordPress Plugins Report for the Week of July 5, 2019

Vulnerable Plugins

There are twenty-four issues this week, with five unfixed. The most critical this week are an unfixed Authenticated Arbitrary File Upload vulnerability in the MapsSVG Lite plugin and an unfixed Authenticated Remote Code Execution vulnerability in the Newsletter plugin. Both plugins have been closed in the public plugin repository. In addition, there was an Authenticated Arbitrary Folder Deletion/Rename vulnerability in the Insert or Embed Articulate Content into WordPress plugin (fixed as of version 4.29991).

View this week’s vulnerable plugins list.

Other Security News

Last week, Magento released an update to the 2.3.X, 2.2.X, and 2.1.X branches that contains numerous security fixes, including one for an unauthenticated stored cross-site scripting vulnerability that can lead to remote code execution, discovered and recently disclosed by RIPS.

Paul Gilzow

Programmer Analyst, University of Missouri (@gilzow)

Web application security and accessibility evangelist. Software instructor. Conference lecturer and presenter.

Pat Lockley

Owner, Pgogy webstuff (@Pgogy)

Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks
