29 vulnerabilities this week, with 5 needing a fix (with some, possibly, on the way). The first 3 vulnerabilities in the list are confirmations of possible vulnerabilities from last week....
Pat Lockley
Pat Lockley
Academic technologist and pedagogic outfitter. WordPressing since 2010. Themes, plugins, security, tweaks
From our Community Blog
Vulnerable Plugins report for the week of September 6th, 2019
26 vulnerabilities this week, with 7 needing a fix (with some, possibly, on the way). Formidable Forms appears for the fourth time in a month, so you may wish to...
Vulnerable Plugins report for the week of August 30th, 2019
27 vulnerabilities this week, with 4 unfixed, but 1 being worked on. WooCommerce PayU India (PayUmoney – PayUbiz) , Instamojo for WooCommerce and DW Mega Menu are all closed and...
Vulnerable WordPress Plugins Report for the Week of August 23, 2019
Vulnerable Plugins There are eighteen issues this week, with two unfixed, and five where fixes have been committed but aren't showing as available yet in the public repository. The most...
Vulnerable WordPress Plugins Report for the Week of August 16, 2019
Vulnerable Plugins There are eighteen issues this week, with eight unfixed. The most critical this week is an Arbitrary File Upload vulnerability via Cross-Site Request Forgery vulnerability in the Maintenance...
Vulnerable WordPress Plugins Report for the Week of August 9, 2019
Vulnerable Plugins There are eighteen issues this week, with three unfixed. The most critical this week are Privilege Escalation vulnerabilities via Unauthenticated Option Update vulnerabilities in the Donations, Booking, Learning...
Vulnerable Plugins report for the week of August 2nd, 2019
23 vulnerabilities this week, with 9 unfixed (some are commercial plugins where a change log isn't easily available, some are dot org plugins are being worked on - see the...
Vulnerable Plugins report for the week of July 26th, 2019
27 vulnerabilities this week (which means so far in july we've had 105 issues), with 4 unfixed. It's bad week for cache plugins, with WP Super Cache, WP fastest cache...
Vulnerable WordPress Plugins Report for the week of July 19, 2019
26 issues this week, with 6 so far unfixed - though Advanced CF7 DB (Advanced Contact form 7 DB) seems to be being worked on. All-in-one migration has multiple issues...
Vulnerable WordPress Plugins Report for the Week of July 12, 2019
Vulnerable Plugins There are twenty nine issues this week, with only one unfixed. The most critical this week are Authenticated (low privileged user) Arbitrary Options Update vulnerability in the One...
Vulnerable WordPress Plugins Report for the Week of July 5, 2019
Vulnerable Plugins There are twenty four issues this week, with five unfixed. The most critical this week is an unfixed Authenticated Arbitrary File Upload vulnerability with the MapsSVG Lite plugin...
Vulnerable WordPress Plugins Report for the Week of June 14, 2019
Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and...
Vulnerable WordPress Plugins Report for the Week of June 7, 2019
Vulnerable Plugins There are thirteen issues this week, with five unfixed. The most critical this week is an Arbitrary File Upload vulnerability in Crelly Slider, discovered by NinTechNet. View this...
Vulnerable WordPress Plugins Report for the Week of May 31, 2019
Vulnerable Plugins There are sixteen issues this week, with two unfixed. The most critical this week are a privilege escalation issue in Slick Popups and an Unauthenticated Administrator Creation vulnerability...
Vulnerable WordPress Plugins Report for the Week of May 24, 2019
Vulnerable Plugins There are fifteen issues this week, with five unfixed. The most critical this week is in WPGraphQL which includes Create administrative users Post comments on articles bypassing article...
Vulnerable WordPress Plugins Report for the Week of May 17, 2019
Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in...
Vulnerable WordPress Plugins Report for the Weeks of April 27, 2019 through May 10, 2019
Vulnerable Plugins Twenty-two issues over the last two weeks, with only two issues unfixed. The most critical updates are the Remote Code Execution vulnerability in the plugins W3 Total Cache,...