The WPCampus Blog

Fundraising for WPCampus Gutenberg Accessibility Audit

Update to this post: Our vendor has been selected and our final fundraising goal has been set at $31,200. You can learn more about the entire project by attending The WPCampus Gutenberg Accessibility Audit session at WPCampus Online 2019. Last month, WPCampus released a request for proposals to conduct an accessibility audit of the WordPress […]

Vulnerable WordPress Plugins Report for the Weeks of October 20 through November 2, 2018

Vulnerable Plugins: There were eight disclosures over the last two weeks, with two issues unfixed, one unknown. The disclosures that will affect the most people are the stored cross-site scripting vulnerabilities in Elegant Themes’ Divi Builder plugin, Divi theme and Extra theme. If you’re using those products, be sure to get the latest updates from Elegant […]

WPCampus Releases Gutenberg Accessibility Audit RFP

Thank you to all who took the time to submit a proposal in response to our RFP for an accessibility audit of the WordPress Gutenberg editor. Our selection committee will begin its review process and will be in touch if we have any questions. WPCampus has released a request for proposals seeking an accessibility audit […]

Vulnerable WordPress Plugins Report for the Weeks of October 6 through October 19, 2018

Vulnerable Plugins: There were ten disclosures over the last two weeks, with three issues unfixed. The most serious is an arbitrary file upload vulnerability in the csv2wpec-coupon plugin, which is related to the recently disclosed vulnerability in the Blueimp jQuery File Upload Plugin package. However, there are fewer than 10 sites with the csv2wpec-coupon so it’s unlikely […]

Vulnerable WordPress Plugins Report for the Week of September 28, 2018

Vulnerable Plugins: Eight disclosures since last week, with two issues unfixed, and two unknown. View this week’s vulnerable plugins list. Other WordPress Security News: There were several reports this week that the United Nations’ WordPress site was leaking “thousands or resumes” (The Register has since updated their story after I contacted them). As it turns out, […]

Vulnerable WordPress Plugins Report for the Week of September 21, 2018

Vulnerable Plugins: Ten disclosures since last week, with four issues unfixed, the most serious being an Authenticated Arbitrary File Upload vulnerability in Advanced Contact form 7 DB. View this week’s vulnerable plugins list. Other Security News: Specifics of the Remote Code Execution vulnerability in Moodle were disclosed earlier this week. The disclosure includes Proof-of-Concept code so […]

Vulnerable WordPress Plugins Report for the Weeks of September 1 through September 14, 2018

Vulnerable Plugins: Apologies for not sending out a report last week. There were seven disclosures over the last two weeks, with two issues unfixed. View this week’s vulnerable plugins list. WordPress News: The roadmap for version 4.9.9 was released earlier this week. The schedule currently proposes 4.9.9 being released during the first week of November. […]