Vulnerable Plugins
There are eleven items on the list this week, with three unfixed. The most critical this week are the Sensitive Information Disclosure/Authenticated Arbitrary File Read vulnerability in Caldera Forms Pro, and the Privilege Escalation vulnerability in SiteGround Optimizer. Both issues were discovered by Sucuri.
View this week's vulnerable plugins list.
Other WordPress Security News
Earlier this week, WordPress released version 5.1.1 (and similar updates for branches all the way back to 3.7) which contained a crucial security update related to a stored cross-site scripting vulnerability in the comments. Simon Scannell from RIPSTech discovered the issue and has provided a detailed explanation of the issue. If you have not already done so, you need to update your WordPress instances immediately.
Other News
WordPress now officially powers one-third of the web (33.4% to be precise).
If you happen to be a Drupaler in the midwest, David Needham and I will be speaking at MidCamp 2019 (Midwest Drupal Camp) in Chicago and would love to chat.
Last, I want to extend a "Thank you" to Pat from Pgogy Webstuff for helping out with this week's list!