Hello everyone, and happy summer! I come bearing great news, a piece of bad news, and an update on our leadership transition process. WPCampus 2022 will not take place The...
The WPCampus Community Blog
About the blog
The WPCampus Community Blog is the place for all primary and essential announcements related to our organization and community's growth.
If you're interested in helping plan our community, participate in surveys or looking for leadership and volunteer opportunities, visit the WPCampus Planning Blog.
Blog posts
A transition for WPCampus leadership and dates for WPCampus 2022
Hello dear friends and WPCampus community members. It has been quite some time since I shared an update. I hope 2022 has been good for you. A lot of intense...
WPCampus 2021 Online recordings are now available
The video recordings from the WPCampus 2021 Online presentations are now available and accessible via the event schedule. All videos are captioned and will soon include full transcripts. Planning ahead for...
Submit a matching donation and help WPCampus support others
One of our WPCampus traditions is to use the “previously allocated to swag” portion of our event planning budget to support a nonprofit organization. Swag is fun, but it can...
Nominate someone (or yourself) for a WPCampus 2021 Online panel
WPCampus 2021 Online is right around the corner and the organizing committee needs your help to nominate panelists for two conference sessions. If you would like to participate or would...
Announcing the WPCampus 2021 schedule, opening registration
The WPCampus community is thrilled to announce the schedule for WPCampus 2021 Online and open registration. The event will take place September 21-22, 2021. Register for WPCampus 2021 Online What's different for WPCampus 2021...
Call for WPCampus 2021 Online Volunteers and Sponsors
ICYMI: The WPCampus community has announced our 2021 conference, WPCampus 2021 Online, in an online format on September 21-22 (Tuesday-Wednesday). Here are a few updates regarding the event, including: Our call for volunteers...
WPCampus 2021 will be online September 21-22, call for proposals open
The WPCampus community is excited to announce we will present our 2021 conference, WPCampus 2021 Online, in an online format on September 21-22 (Tuesday-Wednesday). About the event WPCampus 2021 Online...
Participate in the WPCampus 2021 Survey
Due to COVID, and the ongoing instability surrounding in-person events, WPCampus 2021 will be presented in an online format. Not being able to spend time together in-person (again) is rough,...
Announcing the WPCampus Planning Blog
Since the beginning of WPCampus, a key element of our community's success and growth has been ensuring all members have the chance to be heard when it comes to planning...
Final numbers for the WPCampus 2020 Online donation campaign
One of our WPCampus traditions is to use the “previously allocated to swag” portion of our event income to support a nonprofit organization. Traditionally, we sponsor a fundraising campaign to...
Registration is open for WPCampus 2020 Online
The WPCampus 2020 Online planning committee is proud to announce the WPCampus 2020 Online schedule and open registration. How to register for the event WPCampus 2020 Online is a free...
Donate and help WPCampus support humanity
One of our WPCampus traditions is to use the "previously allocated to swag" portion of our event income to support a nonprofit organization. Swag is fun, but it can be...
WPCampus 2020 Online to change dates to July 29-31
On April 23, the Drupal Association announced “the first-ever virtual DrupalCon” which will take place July 14-17, 2020, the same time period as WPCampus 2020 Online. We felt there is...
WPCampus 2020 to go online, meet in New Orleans for 2021
The WPCampus community decided to pivot our 2020 in-person event to an online conference and re-scheduled to convene in New Orleans, Louisiana, for WPCampus 2021. WPCampus 2020 Online will take...
Status of WPCampus 2020 conference survey
The impact of COVID-19 is being felt around the world. While WPCampus 2020 is still four months away, the effects of COVID-19 are rapidly evolving, and the emotional and physical...
Help WPCampus redesign our website
A few months ago, the WPCampus community established a redesign working group with the goal of redesigning our community's main website: https://wpcampus.org. It's been an exciting project! The amazing group...
Call for speakers open for WPCampus 2020
The call for WPCampus 2020 session proposals is open! Join us in New Orleans for our fifth-annual conference and share all of the incredible things you're doing to advance Higher Education...
Save the date for WPCampus 2020 speaker proposals
The WPCampus community is excited to announce that our WPCampus 2020 call for proposals will be opening next week! We’re looking forward to another year of wonderful ideas, demonstrations, brainstorming,...
Save the date for WPCampus 2020 in New Orleans
The WPCampus community is excited to announce the dates for our 2020 in-person conference. When and where Join us July 15-17, 2020 for three days of learning, sharing, and networking...
Vulnerable Plugins report for the week of September 13th, 2019
29 vulnerabilities this week, with 5 needing a fix (with some, possibly, on the way). The first 3 vulnerabilities in the list are confirmations of possible vulnerabilities from last week....
Vulnerable Plugins report for the week of September 6th, 2019
26 vulnerabilities this week, with 7 needing a fix (with some, possibly, on the way). Formidable Forms appears for the fourth time in a month, so you may wish to...
Vulnerable Plugins report for the week of August 30th, 2019
27 vulnerabilities this week, with 4 unfixed, but 1 being worked on. WooCommerce PayU India (PayUmoney – PayUbiz), Instamojo for WooCommerce and DW Mega Menu are all closed and...
Vulnerable WordPress Plugins Report for the Week of August 23, 2019
Vulnerable Plugins There are eighteen issues this week, with two unfixed, and five where fixes have been committed but aren't showing as available yet in the public repository. The most...
Vulnerable WordPress Plugins Report for the Week of August 16, 2019
Vulnerable Plugins There are eighteen issues this week, with eight unfixed. The most critical this week is an Arbitrary File Upload vulnerability via Cross-Site Request Forgery vulnerability in the Maintenance...
Vulnerable WordPress Plugins Report for the Week of August 9, 2019
Vulnerable Plugins There are eighteen issues this week, with three unfixed. The most critical this week are Privilege Escalation vulnerabilities via Unauthenticated Option Update vulnerabilities in the Donations, Booking, Learning...
Vulnerable Plugins report for the week of August 2nd, 2019
23 vulnerabilities this week, with 9 unfixed (some are commercial plugins where a change log isn't easily available, some are dot org plugins that are being worked on - see the...
Vulnerable Plugins report for the week of July 26th, 2019
27 vulnerabilities this week (which means so far in July we've had 105 issues), with 4 unfixed. It's a bad week for cache plugins, with WP Super Cache, WP Fastest Cache...
Meet the Associate Sponsors of WPCampus 2019
Our thanks to Funnelback, HelpJet, Milepost 42, and Sticker Mule for supporting WPCampus 2019.
Meet the Undergraduate Sponsors of WPCampus 2019
Our thanks to ACF, DragonTeach, elearningfreak, Happy Prime, LearnDash, Pgogy Webstuff, Platform.sh, and SMILE for supporting WPCampus 2019.
Vulnerable WordPress Plugins Report for the week of July 19, 2019
26 issues this week, with 6 so far unfixed - though Advanced CF7 DB (Advanced Contact form 7 DB) seems to be being worked on. All-in-one migration has multiple issues...
Meet Monarx, WPCampus 2019 Sponsor
Monarx provides an application security solution that protects WordPress websites. We are so grateful to have this company sponsor WPCampus 2019.
Meet Pantheon, WPCampus 2019 Sponsor
Pantheon is a website operations platform for Drupal and WordPress. We are so grateful to have this company as the doctoral sponsor for WPCampus 2019.
Meet Modern Tribe, WPCampus 2019 Sponsor
Modern Tribe is a digital agency for the modern university. We are so grateful to have this company sponsor WPCampus 2019.
Meet CampusPress and WPMU DEV, WPCampus 2019 Sponsors
CampusPress has powered WordPress Multisite networks for thousands of schools and universities around the world. WPMU DEV is giving WordPress superpowers to users around the world. We are so happy to have...
WPCampus 2019 sessions will be live streamed for free
Registration for WPCampus 2019 may be closed but no worries! You can still attend many of our amazing sessions virtually. With the exception of workshops, sessions from WPCampus 2019 will...
Vulnerable WordPress Plugins Report for the Week of July 12, 2019
Vulnerable Plugins There are twenty nine issues this week, with only one unfixed. The most critical this week are Authenticated (low privileged user) Arbitrary Options Update vulnerability in the One...
Vulnerable WordPress Plugins Report for the Week of July 5, 2019
Vulnerable Plugins There are twenty four issues this week, with five unfixed. The most critical this week is an unfixed Authenticated Arbitrary File Upload vulnerability with the MapsSVG Lite plugin...
Vulnerable WordPress Plugins Report for the Week of June 28, 2019
Vulnerable Plugins There are thirty four issues this week, with four unfixed. The most critical this week is an unfixed Arbitrary Password Reset vulnerability with the Ultimate Members plugin. Since...
Donate and help WPCampus support digital inclusion
For the WPCampus 2019 conference, the WPCampus community is excited to spend July 25 - 27 learning, networking, and sharing at Lewis and Clark College in Portland, Oregon. Every year...
Vulnerable WordPress Plugins Report for the Week of June 21, 2019
Vulnerable Plugins There are twenty issues this week, with three unfixed. The most critical this week are an Arbitrary Settings Update vulnerability in Real Estate Manager (unfixed), a Cross-Site Request...
Vulnerable WordPress Plugins Report for the Week of June 14, 2019
Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week are two Arbitrary File Upload vulnerabilities in Finale WooCommerce Sale Countdown (fix available) and...
Vulnerable WordPress Plugins Report for the Week of June 7, 2019
Vulnerable Plugins There are thirteen issues this week, with five unfixed. The most critical this week is an Arbitrary File Upload vulnerability in Crelly Slider, discovered by NinTechNet. View this...
Vulnerable WordPress Plugins Report for the Week of May 31, 2019
Vulnerable Plugins There are sixteen issues this week, with two unfixed. The most critical this week are a privilege escalation issue in Slick Popups and an Unauthenticated Administrator Creation vulnerability...
Vulnerable WordPress Plugins Report for the Week of May 24, 2019
Vulnerable Plugins There are fifteen issues this week, with five unfixed. The most critical this week is in WPGraphQL which includes Create administrative users Post comments on articles bypassing article...
Announcing our Diversity, Equity, and Inclusion statement
The WPCampus community is delighted to announce our official Diversity, Equity, and Inclusion statement. This statement came from a desire by the WPCampus leadership to prioritize issues of equity and...
Vulnerable WordPress Plugins Report for the Week of May 17, 2019
Vulnerable Plugins There are nineteen issues this week, with five unfixed. The most critical this week is the Sensitive Information Disclosure, Arbitrary File Deletion, and multiple Cross-Site Scripting vulnerabilities in...
Vulnerable WordPress Plugins Report for the Weeks of April 27, 2019 through May 10, 2019
Vulnerable Plugins Twenty-two issues over the last two weeks, with only two issues unfixed. The most critical updates are the Remote Code Execution vulnerability in the plugins W3 Total Cache,...
Tenon to host public webinar to discuss Gutenberg accessibility audit results
WPCampus is excited to announce that our accessibility testing vendor, Tenon LLC, will host a public webinar and question-and-answer session to discuss the results of the Gutenberg accessibility audit. The...
WPCampus releases results of the Gutenberg accessibility audit
In late 2018, WPCampus released a request for proposals to conduct an accessibility audit of the WordPress block editor, also known as Gutenberg. In early 2019, we announced our selection...
Vulnerable WordPress Plugins Report for the Week of April 26, 2019
Vulnerable Plugins There are nine issues this week, with five unfixed. The two most critical are an Arbitrary File Upload vulnerability in the WooCommerce Checkout Manager plugin (closed in public...
Vulnerable WordPress Plugins Report for the Weeks of April 6, 2019 through April 19, 2019
Vulnerable Plugins Fifteen issues over the last two weeks, with five issues unfixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Week of April 5, 2019
Vulnerable Plugins There are twenty-two items on the list this week, with six unfixed. The issue with the most visibility this week by far, was the controversy surrounding the Pipdig...
Announcing WPCampus 2019. Call for Proposals Open!
We’re excited to officially announce WPCampus 2019! Join us July 25-27 at Lewis & Clark College in Portland, Oregon. About WPCampus 2019 WPCampus is a three-day conference event filled with...
Vulnerable WordPress Plugins Report for the Week of March 29, 2019
Vulnerable Plugins There are seventeen items on the list this week, with twelve unfixed. View this week's vulnerable plugins list. Other Security News PuTTY released version 0.71 which addresses multiple...
Vulnerable WordPress Plugins Report for the Week of March 22, 2019
Vulnerable Plugins There are eleven items on the list this week, with three unfixed. The most critical this week are the Unauthenticated Arbitrary wp_options import vulnerability in Easy WP SMTP,...
WPCampus 2019 Call for Proposals: Save the Date!
Hello WPCampus friends! We’re excited to announce that our Call for Proposals for this year’s conference will be opening soon! We’re looking forward to another year of wonderful ideas, demonstrations,...
Vulnerable WordPress Plugins Report for the Week of March 15, 2019
Vulnerable Plugins There are eleven items on the list this week, with three unfixed. The most critical this week are the Sensitive Information Disclosure/Authenticated Arbitrary File Read vulnerability in Caldera...
Vulnerable WordPress Plugins Report for the Week of March 8, 2019
Vulnerable Plugins There are twenty items on the list this week, with the vast majority of them related to the Freemius framework disclosure that happened last week. WPVulnDB also has...
Vulnerable WordPress Plugins Report for the Weeks of February 22 through March 1, 2019
Vulnerable Plugins Seventeen disclosures since last week, with four issues unfixed. View this week's vulnerable plugins list. We're likely to see many more plugins updated over the next week as...
Vulnerable WordPress Plugins Report for the Week of February 15, 2019
Vulnerable Plugins Nine disclosures since last week, with all issues fixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Week of February 8, 2019
Vulnerable Plugins Twenty-one disclosures since last week, with eight issues unfixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Week of February 1, 2019
Vulnerable Plugins Twelve disclosures since last week, with four issues unfixed. The most serious is an Arbitrary File Upload vulnerability in the plugin Slider by 10Web. It appears that the...
Vulnerable WordPress Plugins Report for the Week of January 25, 2019
Vulnerable Plugins Three disclosures since last week, with all issues fixed. However, right as I was writing this post, WordFence released a post detailing multiple vulnerabilities in the plugin Total...
Vulnerable WordPress Plugins Report for the Weeks of January 5, 2019 through January 18, 2019
Vulnerable Plugins Fifteen disclosures over the last two weeks, with twelve issues unfixed. View this week's vulnerable plugins list. The most severe issue from this report is a Confidential Information...
Gutenberg Accessibility Audit Vendor Selection
WPCampus is excited to announce our selection of Tenon LLC to conduct an accessibility audit of the Gutenberg content editor. Founded by Karl Groves, Tenon is a leader in the...
Vulnerable WordPress Plugins Report for the Weeks of December 21, 2018 through January 4, 2019
Vulnerable Plugins Six disclosures over the last two weeks, with three issues unfixed. View this week's vulnerable plugins list. Luckily, the unfixed vulnerabilities are all in plugins that are fairly...
Vulnerable WordPress Plugins Report for the Week of December 21, 2018
Vulnerable Plugins Six disclosures since last week, with four issues unfixed. View this week's vulnerable plugins list. I won't be doing a report next week due to the holidays. I'll...
Vulnerable WordPress Plugins Report for the Week of December 14, 2018
Vulnerable Plugins Thirteen disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Other WordPress Security News Version 5.0.1 was released earlier this week and corrects...
Vulnerable WordPress Plugins Report for the Week of December 7, 2018
Vulnerable Plugins Fifteen disclosures since last week, with zero issues unfixed. View this week's vulnerable plugins list. Four issues are critical and should be updated immediately: Redirection for versions 3.6.2...
Vulnerable WordPress Plugins Report for the Weeks of November 17 through November 30, 2018
Vulnerable Plugins There were four disclosures over the last two weeks, with one issue unfixed. View this week's vulnerable plugins list. A weekly report on a Monday? Yeah. There were...
Fundraising for WPCampus Gutenberg Accessibility Audit
Update to this post: Our vendor has been selected and our final fundraising goal has been set at $31,200. You can learn more about the entire project by attending The...
Vulnerable WordPress Plugins Report for the Week of November 16, 2018
Vulnerable Plugins Five disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Quick note that there will not be a report next week due to...
Vulnerable WordPress Plugins Report for the Week of November 9, 2018
Vulnerable Plugins Eleven disclosures since last week, with three issues unfixed, one unknown. View this week's vulnerable plugins list. Far and away the most serious issue this last week was...
Vulnerable WordPress Plugins Report for the Weeks of October 20 through November 2, 2018
Vulnerable Plugins There were eight disclosures over the last two weeks, with two issues unfixed, one unknown. The disclosures that will affect the most people are the stored cross-site scripting...
WPCampus Releases Gutenberg Accessibility Audit RFP
WPCampus has released a request for proposals seeking an accessibility audit of the WordPress "Gutenberg" editor. Our organization is sensitive to the legal requirements set by Section 508 of the...
Vulnerable WordPress Plugins Report for the Weeks of October 6 through October 19, 2018
Vulnerable Plugins There were ten disclosures over the last two weeks, with three issues unfixed. The most serious is an arbitrary file upload vulnerability in the csv2wpec-coupon plugin, which is...
Vulnerable WordPress Plugins Report for the Week of October 5, 2018
Vulnerable Plugins Seven disclosures since last week, with four issues unfixed. View this week's vulnerable plugins list. Other WordPress News Earlier this week, the WordPress core team announced the release date for...
Vulnerable WordPress Plugins Report for the Week of September 28, 2018
Vulnerable Plugins Eight disclosures since last week, with two issues unfixed, and two unknown. View this week's vulnerable plugins list. Other WordPress Security News There were several reports this week that...
Vulnerable WordPress Plugins Report for the Week of September 21, 2018
Vulnerable Plugins Ten disclosures since last week, with four issues unfixed, the most serious being an Authenticated Arbitrary File Upload vulnerability in Advanced Contact form 7 DB. View this week's vulnerable...
Vulnerable WordPress Plugins Report for the Weeks of September 1 through September 14, 2018
Vulnerable Plugins Apologies for not sending out a report last week. There were seven disclosures over the last two weeks, with two issues unfixed. View this week's vulnerable plugins list....
Vulnerable WordPress Plugins Report for the Week of August 31, 2018
Vulnerable Plugins Nine disclosures since last week, with four issues unfixed. Additionally, Ninja Forms has released version 3.3.14 which addresses the CSV Injection vulnerability disclosed last week. View this week's vulnerable plugins list....
Vulnerable WordPress Plugins Report for the Week of August 24, 2018
Vulnerable Plugins Five disclosures since last week, with four issues unfixed, the most serious being an unfixed CSV Injection vulnerability in Ninja Forms. View this week's vulnerable plugins list. Other...
Vulnerable WordPress Plugins Report for the Week of August 17, 2018
Vulnerable Plugins Four disclosures since last week, with two issues unfixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Weeks of July 27 through August 10, 2018
Vulnerable Plugins Somehow (thankfully) there has been only one public disclosure over the last two weeks: an Unauthenticated Arbitrary File Upload vulnerability in the Ultimate Member plugin that has been...
Vulnerable WordPress Plugins Report for the Week of July 26, 2018
Vulnerable Plugins Four disclosures since last week, with one issue unfixed, one unsure but assumed unfixed. View this week's vulnerable plugins list. Yes, I know it's not Friday, but I'll...
Vulnerable WordPress Plugins Report for the Weeks of July 9 through July 20, 2018
Vulnerable Plugins Eight disclosures over the last two weeks, with five issues unfixed, one critical. An authenticated arbitrary file upload vulnerability has been identified in the MapSVGLite plugin that remains unfixed....
Breaking Away from the “Sea of Sameness” in Higher Ed
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
Vulnerable WordPress Plugins Report for the Weeks of June 22 through July 8, 2018
Vulnerable Plugins Ten disclosures over the last two weeks, with three issues unfixed. View this week's vulnerable plugins list. Other WordPress Security News The big news last week and into...
Meet DDEV, WPCampus 2018 Sponsor
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
PSA: Arbitrary File Deletion vulnerability in all current versions of WordPress
Update 20180705: version 4.9.7 has been released and addresses the issue below. RipsTech (static analysis for PHP) yesterday disclosed an arbitrary file deletion vulnerability in all versions of WordPress. The...
Meet BoldGrid, WPCampus 2018 Sponsor
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
Vulnerable WordPress Plugins Report for the Week of June 22, 2018
Vulnerable Plugins Six disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Other Security News Including this one only because I never imagined someone being...
Join us at HighEdWeb Oct. 21-24
100+ presentations, two world-class keynotes and a great community. HighEdWeb provides valuable professional development for all who want to explore the unique digital issues facing colleges and universities.
Meet Pantheon, WPCampus 2018 Sponsor
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
Meet CampusPress, WPCampus 2018 Sponsor
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
Vulnerable WordPress Plugins Report for the Week of June 15, 2018
Vulnerable Plugins Ten disclosures since last week, with two issues unfixed. View this week's vulnerable plugins list. Other Security Came across a fun little security testing playground. Allows you to...
Meet 10up, WPCampus 2018 Sponsor
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
Vulnerable WordPress Plugins Report for the Week of June 7, 2018
Vulnerable Plugins Seventeen disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Other WordPress Security Defiant released a whitepaper earlier this week covering a new...
Meet SiteLock, WPCampus 2018 Sponsor
This post is part of a series featuring sponsors from our WPCampus 2018 conference. Events like WPCampus would not be possible without the support of these amazing organizations. Be sure...
Vulnerable WordPress Plugins Report for the Week of June 1, 2018
Vulnerable Plugins Ten disclosures since last week, with five issues unfixed. View this week's vulnerable plugins list. Other Security News As I mentioned last week, a new malware, dubbed VPNFilter,...
Vulnerable WordPress Plugins Report for the Week of May 25, 2018
Vulnerable Plugins Six disclosures since last week, with three issues still unfixed. View this week's vulnerable plugins list. WordPress Security New WordFence released an interesting report on Tuesday that showcased...
Vulnerable WordPress Plugins Report for the Week of May 18, 2018
Vulnerable Plugins Eleven disclosures since last week, with one critical unfixed. KingComposer has an Arbitrary File Upload vulnerability in its current version. You should remove the plugin until the author has...
Vulnerable WordPress Plugins Report for the Week of May 11, 2018
Vulnerable Plugins Three disclosures since last week, with all three issues unfixed. WP Google Drive has not been updated in six years and should be replaced, if you haven't already. View...
Vulnerable WordPress Plugins Report for the Week of May 4, 2018
Vulnerable Plugins Two disclosures since last week, with zero issues unfixed. View this week's vulnerable plugins list. Other WordPress News Version 4.9.6 is now in beta, with a tentative official...
Vulnerable WordPress Plugins Report for the Week of April 27, 2018
Vulnerable Plugins Twelve disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Other Security News Cross-Site Request Forgery vulnerability disclosed in phpMyAdmin 4.8.0 and earlier...
Vulnerable WordPress Plugins Report for the Week of April 20, 2018
Vulnerable Plugins Just two disclosures since last week, with one issue unfixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Week of April 13, 2018
Vulnerable Plugins Nine disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Apologies for not getting this report out on Friday. I had other issues...
Vulnerable WordPress Plugins Report for the Week of April 6, 2018
Vulnerable Plugins Three disclosures since last week, with one issue unfixed. View this week's vulnerable plugins list. Other WordPress News As previously mentioned, v4.9.5 was released on April 3rd. While...
Vulnerable WordPress Plugins Report for the Week of March 30, 2018
Vulnerable Plugins Seven disclosures since last week, with one issue unfixed. View this week's vulnerable plugins list. Other WordPress News As noted last week, WordPress version 4.9.5 is scheduled for release...
Vulnerable WordPress Plugins Report for the Week of March 23, 2018
Vulnerable Plugins Three disclosures since last week, with two issues unfixed. View this week's vulnerable plugins list. Other WordPress News Version 4.9.5 of WordPress is now in beta and has...
Vulnerable WordPress Plugins Report for the Week of March 16, 2018
Vulnerable Plugins Thirteen disclosures since last week, with four issues unfixed. View this week's vulnerable plugins list. As with previous weeks, there are a few fairly popular plugins in this...
GutenDay at NC State
In addition to this blog post, you can hear more about NC State's GutenDay on the WPCampus Podcast! We were vaguely aware of Gutenberg all through 2017. Our team in...
Vulnerable WordPress Plugins Report for the Week of March 9, 2018
Vulnerable Plugins Five disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Please note there are a couple of fairly popular plugins in this week's...
Vulnerable WordPress Plugins Report for the Week of March 2, 2018
Vulnerable Plugins Seven disclosures since last week, with only one issue unfixed. View this week's vulnerable plugins list. Please note there are a couple of fairly popular plugins in this...
Vulnerable WordPress Plugins Report for the Week of February 23, 2018
Vulnerable Plugins Nine disclosures since last week, with all issues fixed! View this week's vulnerable plugins list. Please note there are a couple of fairly popular plugins in this week's...
Vulnerable WordPress Plugins Report for the Weeks of February 9, 2018 and February 16, 2018
Vulnerable Plugins Eighteen disclosures over the last two weeks, with nine issues unfixed. View the last two weeks' vulnerable plugins list. Other Security News Way back in 2014, Google announced...
Version 4.9.3, Version 4.9.4 and the Denial of Service Vulnerability
As I mentioned on Friday, WordPress version 4.9.3 was released as scheduled Monday mid-day. If you have auto-updates enabled, you might have been surprised to see another WordPress update (4.9.4) come through...
Vulnerable WordPress Plugins Report for the Week of February 2, 2018
Vulnerable Plugins Seven disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. Other WordPress News WordPress core announced on Tuesday version 4.9.3 will be delayed until...
Vulnerable WordPress Plugins Report for the Week of January 26, 2018
Vulnerable Plugins Eighteen disclosures since last week, with five issues unfixed. Plus two disclosures (Ninja Popups) that I missed last week. View this week's vulnerable plugins list. WPCampus Online Don't...
Vulnerable WordPress Plugins Report for the Week of January 12, 2018
Vulnerable Plugins Six disclosures since last week, with three issues unfixed. View this week's vulnerable plugins list. WordPress Security News Version 4.9.2 was released on Tuesday. It is a security...
Vulnerable WordPress Plugins Report for the Week of January 12, 2018
Vulnerable Plugins Keep it short and sweet this week: twenty-seven disclosures since last week, with seven issues unfixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Weeks of December 29, 2017 and January 5, 2018
Vulnerable Plugins Ten disclosures over the last two weeks, with four issues unfixed. View this week's vulnerable plugins list. I hope everyone had a wonderful and relaxing holiday break. Unfortunately,...
Vulnerable WordPress Plugins Report for the Week of December 22, 2017
Vulnerable Plugins Twenty-six disclosures this week, with ten issues unfixed. View this week's vulnerable plugins list. The most concerning disclosure this week was the discovery by Wordfence that the plugin Captcha...
Vulnerable WordPress Plugins Report for the Week of December 15, 2017
Vulnerable Plugins Seven disclosures this week, with five issues unfixed. View this week's vulnerable plugins list. Other Security News I've discussed the DorkBot service from UT Austin a couple of...
Vulnerable WordPress Plugins Report for the Week of December 8, 2017
Vulnerable Plugins Six disclosures this week, with two issues unfixed. View this week's vulnerable plugins list.
Vulnerable WordPress Plugins Report for the Weeks of November 24 and December 1, 2017
Vulnerable Plugins Fifteen disclosures over the last two weeks, with eleven issues unfixed. View this week's vulnerable plugins list. I hope everyone in the States had a great Thanksgiving last...
Vulnerable WordPress Plugins Report for the Week of November 17, 2017
Vulnerable Plugins Twenty-two disclosures this week, with ten issues unfixed. View this week's vulnerable plugins list. The critical updates you should be aware of from this week's list are in...
Vulnerable WordPress Plugins Report for the Week of November 10, 2017
Vulnerable Plugins Six disclosures this week, with three issues unfixed. View this week's vulnerable plugins list. The most interesting disclosure this week, in my opinion, is that for the Animated...
Vulnerable WordPress Plugins Report for the Week of November 3, 2017
Vulnerable Plugins Nine disclosures this week, with one issue unfixed, one possibly unfixed (see the notes section in the spreadsheet). View this week's vulnerable plugins list. The largest disclosure this...
Please Update to WordPress v4.8.3 Immediately
Version 4.8.3 was just released moments ago. It addresses a SQL Injection issue discovered by Anthony Ferrara https://twitter.com/ircmaxell/status/923662170092638208 Confirmation from Anthony https://twitter.com/ircmaxell/status/925366959612538882 WordPress post concerning the update: https://make.wordpress.org/core/2017/10/31/changed-behaviour-of-esc_sql-in-wordpress-4-8-3/ and https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/...
Vulnerable WordPress Plugins Report for the Week of October 27, 2017
Vulnerable Plugins Nine disclosures this week, with five issues unfixed. View this week's vulnerable plugins list. The largest disclosure this week was most likely the SQL Injection combined with Object...
Vulnerable WordPress Plugins Report for the Weeks of October 13 and 20, 2017
Vulnerable Plugins Seventeen disclosures over the last two weeks, with six issues unfixed. View this week's vulnerable plugins list. Sorry I wasn't able to get last week's list out on...
Vulnerable WordPress Plugins Report for the Week of October 6, 2017
Vulnerable Plugins Fourteen disclosures this week, with six issues unfixed, with three of those critical. View this week's vulnerable plugins list. The big news this last week, at least in...
Vulnerable WordPress Plugins Report for the Week of September 29, 2017
Vulnerable Plugins Eleven disclosures this week, with two issues unfixed, both critical. Both have been removed from the public repository. View this week's vulnerable plugins list. As a point of...
Vulnerable WordPress Plugins Report for the Week of September 22, 2017
Vulnerable Plugins Fourteen disclosures this week, with five issues unfixed, and one that is critical. View this week's vulnerable plugins list. The critical disclosure this week is an Arbitrary File...
Vulnerable WordPress Plugins Report for the Week of September 15, 2017
Vulnerable Plugins Eight disclosures this week, with two issues unfixed, and two where I'm not sure. View this week's vulnerable plugins list. The two I'm unsure of this week are...
Vulnerable WordPress Plugins Report for the Week of September 8, 2017
Vulnerable Plugins Seventeen disclosures this week, with eight issues unfixed. View this week's vulnerable plugins list. Other Security News The big disclosure this week was the breach at Equifax. If...
Vulnerable WordPress Plugins Report for the Week of September 1, 2017
Vulnerable Plugins Ten disclosures this week, with three issues unfixed. View this week's vulnerable plugin list. The disclosure with the most visibility this week was in WooCommerce Product Vendors, where...
Vulnerable WordPress Plugins/Themes Report for the Week of August 25, 2017
Vulnerable Plugins/Themes Seven disclosures this week, with zero issues unfixed. YAY! View this week's vulnerable plugin list. This week, let's look at the Authenticated, Unauthorized Information Disclosure vulnerability in version...
Vulnerable WordPress Plugins/Themes Report for the Week of August 18, 2017
Vulnerable Plugins/Themes Eleven disclosures this week, with three issues unfixed. View this week's vulnerable plugin list. Going to highlight a couple from this week. The first is the discovery by researcher Lenon...
Vulnerable WordPress Plugins/Themes Report for the Week of August 11, 2017
Vulnerable Plugins/Themes Eleven disclosures this week, with two issues unfixed. View this week's vulnerable plugin list. We have one theme joining the list this week: GamePlan - Event and Gym...
Vulnerable WordPress Plugins Report for the week of August 4, 2017
Vulnerable Plugins Six disclosures this week, with three issues unfixed. View this week’s vulnerable plugin list. One of the disclosures is actually from last week that I intended to include...
Vulnerable WordPress Plugins Report for the Week of July 28, 2017
Vulnerable Plugins It was a busy week while I was away. Twenty disclosures, with eleven issues unfixed. In regard to both Formcraft Form Builder and Ultimate Affiliate Pro, since they...
Vulnerable WordPress Plugins Report for the Week of July 13, 2017
Nope, today is not Friday (sorry). I'm going to be out of town tomorrow so I'm doing this week's report a day early. I'll also be out next week; as such, there...
Vulnerable WordPress Plugins Report for the week of July 7, 2017
Vulnerable Plugins Only four plugins with disclosed vulnerabilities this week, none of which remain unpatched! That's the fewest number of disclosures in a week since I started doing this report. You'll notice...
Vulnerable WordPress Plugins Report for the Week of June 30, 2017
Vulnerable Plugins Eight plugins with disclosed vulnerabilities this week, five of which remain unpatched. The most serious is FormCraft which contains two unfixed SQL Injection vulnerabilities. The packetstorm post mentions...
Vulnerable WordPress Plugins Report for the Week of June 23, 2017
Vulnerable Plugins This week's list is probably one of the shortest since I started doing these reports: only 6 plugins, with 3 having unfixed vulnerabilities. Unfortunately, one of them is...
Vulnerable WordPress Plugins Report for the Week of June 16, 2017
Introduction The weekly list is a collection of plugins and/or themes that have had vulnerabilities disclosed within the last week. I've historically created these weekly vulnerable plugin reports for the WordPress...