Three disclosures since last week, with two issues unfixed.
View this week’s vulnerable plugins list.
Other WordPress News
Version 4.9.5 of WordPress is now in beta and has been scheduled for release on April 3rd. While 4.9.5 will be a maintenance release, it will interestingly include administrative dashboard call-outs to try-out Gutenberg (h/t to Brian DeConinck for sharing the information). Please be aware that Gutenberg is still beta software so be cautious of installing it on your production sites. Luckily, the call outs will only show for users who have the ability to install plugins if Gutenberg isn’t already installed.
Other Security News
On Wednesday, the Drupal security team announced a highly critical patch will be released on March 28th. Given that the security team rarely pre-announces security patches, and the highly critical rating, this patch will most likely be on-par with Drualgeddon in terms of severity. You should plan now on spending next Wednesday patching your Drupal sites as soon as the patch is made public.
One other disclosure that might affect your environments: a path traversal vulnerability was disclosed today for the Bomgar Remote Support portal.