Vulnerable Plugins Fifteen disclosures since last week, with zero issues unfixed. View this week’s vulnerable plugins list. Four issues are critical and should be updated immediately: Redirection for versions 3.6.2 and earlier has a potential remote code execution vulnerability Toolset Type for versions 2.3.3 and earlier has a privilege escalation vulnerability WooCommerce for versions 3.4.5 […]
The WPCampus Blog
Vulnerable Plugins There were four disclosures over the last two weeks, with one issue unfixed. View this week’s vulnerable plugins list. A weekly report on a Monday? Yeah. There were a lot of disclosures during the Thanksgiving week to sort through. Unfortunately, the vast majority of them were false positives and/or inaccurate and it took […]
Last month, WPCampus released a request for proposals to conduct an accessibility audit of the WordPress Gutenberg editor. This audit will help higher education institutions, and the whole WordPress community, make informed decisions about when and how to upgrade to the new editor. We received numerous proposals and our selection committee is hard at work, […]
Vulnerable Plugins Five disclosures since last week, with three issues unfixed. View this week’s vulnerable plugins list. Quick note that there will not be a report next week due to the holidays. I’ll do a two week report on November 30th.
Vulnerable Plugins Eleven disclosures since last week, with three issues unfixed, one unknown. View this week’s vulnerable plugins list. Far and away the most serious issue this last week was a combined set of vulnerabilities in the WP GDPR Compliance plugin that could allow attackers to add themselves to a site as an administrator and/or install […]
Vulnerable Plugins There were eight disclosures over the last two weeks, with two issues unfixed, one unknown. The disclosures that will affect the most people are the stored cross-site scripting vulnerabilities in Elegant Themes’ Divi Builder plugin, Divi theme and Extra theme. If you’re using those products be sure to get the latest updates from Elegant […]
Thank you to all who took the time to submit a proposal in response to our RFP for an accessibility audit of the WordPress Gutenberg editor. Our selection committee will begin its review process and will be in touch if we have any questions. WPCampus has released a request for proposals seeking an accessibility audit […]
Vulnerable Plugins There were ten disclosures over the last two weeks, with three issues unfixed. The most serious is an arbitrary file upload vulnerability in the csv2wpec-coupon plugin, which is related to the recently disclosed vulnerability in the Blueimp JQuery File Upload Plugin package. However, there are fewer than 10 sites with the csv2wpec-coupon, so it’s unlikely […]
Vulnerable Plugins Seven disclosures since last week, with four issues unfixed. View this week’s vulnerable plugins list. Other WordPress News Earlier this week, the WordPress core team announced the release date for WordPress version 5.0: November 19, 2018. This means the 4.9.9 release has been shelved unless the core team is unable to release 5.0 before the […]
Vulnerable Plugins Eight disclosures since last week, with two issues unfixed, and two unknown. View this week’s vulnerable plugins list. Other WordPress Security News There were several reports this week that the United Nations’ WordPress site was leaking “thousands or resumes” (The Register has since updated their story after I contacted them). As it turns out, […]