The WPCampus Blog

Vulnerable WordPress Plugins Report for the Week of September 28, 2018

Vulnerable Plugins Eight disclosures since last week, with two issues unfixed, and two unknown. View this week’s vulnerable plugins list. Other WordPress Security News There were several reports this week that the United Nation’s WordPress site was leaking “thousands or resumes” (The Register has since updated their story after I contacted them).   As it turns out, […]

Vulnerable WordPress Plugins Report for the Week of September 21, 2018

Vulnerable Plugins Ten disclosures since last week, with four issues unfixed, the most serious being an Authenticated Arbitrary File Upload vulnerability in Advanced Contact form 7 DB. View this week’s vulnerable plugins list. Other Security News Specifics of the Remote Code Execution vulnerability in Moodle were disclosed earlier this week. The disclosure includes Proof-of-Concept code so […]

Vulnerable WordPress Plugins Report for the Weeks of September 1 through September 14, 2018

Vulnerable Plugins Apologies for not sending out a report last week. There were seven disclosures over the last two weeks, with two issues unfixed. View this week’s vulnerable plugins list. WordPress News The roadmap for version 4.9.9 was released earlier this week. The schedule currently proposes 4.9.9 being released during the first week of November.  […]

Vulnerable WordPress Plugins Report for the Week of August 31, 2018

Vulnerable Plugins Nine disclosures since last week, with four issues unfixed. Additionally, Ninja Forms has released version 3.3.14 which addresses the CSV Injection vulnerability disclosed last week. View this week’s vulnerable plugins list. Other Security News Joomla! released version 3.8.12 which addressed three security issues: potential file upload vulnerability, store cross-site scripting vulnerability, and an ACL Violation in custom […]

Vulnerable WordPress Plugins Report for the Week of August 24, 2018

Vulnerable Plugins Five disclosures since last week, with four issues unfixed, the most serious being an unfixed CSV Injection vulnerability in Ninja Forms. View this week’s vulnerable plugins list. Other Security News phpMyAdmin released a patch earlier this week that addresses an authenticated, stored cross-site scripting issue.  Similarly, the Apache Foundation released a critical patch earlier […]

Vulnerable WordPress Plugins Report for the Weeks of July 27 through August 10, 2018

Vulnerable Plugins Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin that has been patched with version 2.0.23. View this week’s vulnerable plugins list. An Unauthenticated Arbitrary File Upload is a critical vulnerability, so you should update this plugin […]

Vulnerable WordPress Plugins Report for the Weeks of July 9 through July 20, 2018

Vulnerable Plugins Eight disclosures over the last two week, with five issues unfixed, one critical. An authenticated arbitrary file upload vulnerability has been identified in the MapSVGLite plugin that remains unfixed. You should remove the plugin as soon as possible until the issue has been resolved. View this week’s vulnerable plugins list. Other WordPress News The […]