Two disclosures since last week, with zero issues unfixed.
View this week’s vulnerable plugins list.
Other WordPress News
Version 4.9.6 is now in beta, with a tentative official release date of May 15th. 4.9.6 contains 10 bug fixes, and 34 features/enhancements, most of which revolve around privacy and personal data tools to assist site owners deal with the European Union’s General Data Protection Regulation (GDPR). There should be at least one release candidate, currently scheduled for May 8th. If your site isn’t configured for auto-updates, then start planning to get the 4.9.6 scheduled into your change management system.
Other Security News
A critical code execution vulnerability in the Windows version of Sourcetree (a popular GIT GUI) was disclosed on Monday. Windows users of Sourcetree are strongly encouraged to update to version 18.104.22.168.
Twitter announced yesterday they recently discovered some passwords were being stored in plaintext in internal logs, and were encouraging users to update their passwords. Interestingly, this announcement was just three days after GitHub announced a similar finding. Both companies have said they have not found any evidence that the passwords were stolen or misused. However, since there is the chance your password was disclosed, it’s best to go ahead and update them at both services.
WordCamp St. Louis is coming up next week. Not only will Chris Wiegman be there as a keynote, yours truly will be there presenting on GIT. If you’re in Missouri, or western Illinois, you should make a point to try and attend.