Skip to content
From our Community Blog:

Vulnerable WordPress Plugins Report for the Week of July 5, 2019

Subscribe to Community Blog updates

Vulnerable Plugins

There are twenty four issues this week, with five unfixed.  The most critical this week is an unfixed Authenticated Arbitrary File Upload vulnerability with the MapsSVG Lite plugin and an unfixed Authenticate Remote Code Execution vulnerability in the Newsletter plugin. Both plugins have been closed in the public plugin repository. In addition, there was an Authenticated Arbitrary Folder Deletion/Rename vulnerability in the Insert or Embed Articulate Content into WordPress plugin (fixed as of version 4.29991).

View this week's vulnerable plugins list.

Other Security News

Last week, Magento released an update to the 2.3.X, 2.2.X, and 2.1.X branches that contains numerous security fixes, including an unauthenticated stored cross-site scripting vulnerability that can lead to remote code execution, discovered and recently disclosed by RIPs.

Login to WordPress