Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks
26 issues this week, with 6 so far unfixed – though Advanced CF7 DB (Advanced Contact form 7 DB) seems to be being worked on. All-in-one migration has multiple issues with one remaining unresolved. View this week’s vulnerable plugins list
Vulnerable Plugins There are twenty nine issues this week, with only one unfixed. The most critical this week are Authenticated (low privileged user) Arbitrary Options Update vulnerability in the One Click SSL plugin (fix available) and in the WPTF Hybrid Composer plugin (fix available), and multiple critical issues in the File Manager (by mndpsingh287) plugin […]
Vulnerable Plugins There are twenty four issues this week, with five unfixed. The most critical this week is an unfixed Authenticated Arbitrary File Upload vulnerability with the MapsSVG Lite plugin and an unfixed Authenticate Remote Code Execution vulnerability in the Newsletter plugin. Both plugins have been closed in the public plugin repository. In addition, there […]
Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and in LionScripts IP Blocker Lite (unfixed, remove immediately) plugins, an Authenticated Arbitrary File Upload vulnerability in Shipping Servientrega Woocommerce (unfixed, remove immediately), and an Authenticated […]
Vulnerable Plugins There are thirteen issues this week, with five unfixed. The most critical this week is an Arbitrary File Upload vulnerability in Crelly Slider, discovered by NinTechNet. View this week’s vulnerable plugins list.
Vulnerable Plugins There are sixteen issues this week, with two unfixed. The most critical this week are a privilege escalation issue in Slick Popups and an Unauthenticated Administrator Creation vulnerability in Convert Plus. Both issues were discovered by WordFence/Defiant. View this week’s vulnerable plugins list.
Vulnerable Plugins There are fifteen issues this week, with five unfixed. The most critical this week is in WPGraphQL which includes Create administrative users Post comments on articles bypassing article restrictions and global moderation Retrieve content of password-protected posts/articles/pages Retrieve full list of registered users in the platform Retrieve full list of media, comments, themes […]
Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in Ultimate Member discovered by Sucri earlier this week. There was also a Local File Inclusion vulnerability disclosed in Photo Gallery by 10Web that does not […]
Vulnerable Plugins Twenty-two issues over the last two weeks, with only two issues unfixed. The most critical updates are the Remote Code Execution vulnerability in the plugins W3 Total Cache, and Kanzu Support Desk and then Arbitrary File Upload vulnerabilities in the plugins Polldeep, User Submitted Posts, and WP Live Chat Support Pro. View this […]
You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By clicking to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices.
