Four disclosures since last week, with one issue unfixed, one unsure but assumed unfixed.
View this week’s vulnerable plugins list.
Yes, I know it’s not Friday, but I’ll be out of town tomorrow and wanted to go ahead and get the report out. I’ll also be out of town next Friday as well so will be unable to do a report next week. I’ll either try to do it when I return the following Monday, or wait and do it on Friday and cover two weeks worth of disclosures.
Other WordPress News
Release Candidate 1 for v4.9.8 of WordPress was released on Tuesday, and the final release is still on target for July 31st.
Other Security News
In case you missed it (I know I did), Atlassian released a security update for their popular GIT client, Sourcetree, that patched a collection of Remote Code Execution vulnerabilities that affects versions between 1.0b2 through 2.75 on macOS and versions 0.5.1.0 through 2.6.9 on Windows. You’ll want to update as soon as possible.