The WPCampus Blog

Vulnerable WordPress Plugins Report for the Week of December 7, 2018

Vulnerable Plugins: Fifteen disclosures since last week, with zero issues unfixed. View this week’s vulnerable plugins list. Four issues are critical and should be updated immediately: Redirection for versions 3.6.2 and earlier has a potential remote code execution vulnerability; Toolset Type for versions 2.3.3 and earlier has a privilege escalation vulnerability; WooCommerce for versions 3.4.5 […]

Vulnerable WordPress Plugins Report for the Weeks of November 17 through November 30, 2018

Vulnerable Plugins: There were four disclosures over the last two weeks, with one issue unfixed. View this week’s vulnerable plugins list. A weekly report on a Monday? Yeah. There were a lot of disclosures during the Thanksgiving week to sort through. Unfortunately, the vast majority of them were false positives and/or inaccurate and it took […]

Fundraising for WPCampus Gutenberg Accessibility Audit

Last month, WPCampus released a request for proposals to conduct an accessibility audit of the WordPress Gutenberg editor. This audit will help higher education institutions, and the whole WordPress community, make informed decisions about when and how to upgrade to the new editor. We received numerous proposals and our selection committee is hard at work, […]

Vulnerable WordPress Plugins Report for the Weeks of October 20 through November 2, 2018

Vulnerable Plugins: There were eight disclosures over the last two weeks, with two issues unfixed, one unknown. The disclosures that will affect the most people are the stored cross-site scripting vulnerabilities in Elegant Themes’ Divi Builder plugin, Divi theme and Extra theme. If you’re using those products be sure to get the latest updates from Elegant […]

WPCampus Releases Gutenberg Accessibility Audit RFP

Thank you to all who took the time to submit a proposal in response to our RFP for an accessibility audit of the WordPress Gutenberg editor. Our selection committee will begin its review process and will be in touch if we have any questions. WPCampus has released a request for proposals seeking an accessibility audit […]

Vulnerable WordPress Plugins Report for the Weeks of October 6 through October 19, 2018

Vulnerable Plugins: There were ten disclosures over the last two weeks, with three issues unfixed. The most serious is an arbitrary file upload vulnerability in the csv2wpec-coupon plugin, which is related to the recently disclosed vulnerability in the Blueimp jQuery File Upload Plugin package. However, there are fewer than 10 sites with csv2wpec-coupon, so it’s unlikely […]

Vulnerable WordPress Plugins Report for the Week of September 28, 2018

Vulnerable Plugins: Eight disclosures since last week, with two issues unfixed, and two unknown. View this week’s vulnerable plugins list. Other WordPress Security News: There were several reports this week that the United Nations’ WordPress site was leaking “thousands or resumes” (The Register has since updated their story after I contacted them). As it turns out, […]