Eight disclosures over the last two week, with five issues unfixed, one critical. An authenticated arbitrary file upload vulnerability has been identified in the MapSVGLite plugin that remains unfixed. You should remove the plugin as soon as possible until the issue has been resolved.
View this week’s vulnerable plugins list.
Other WordPress News
The second beta for WordPress version 4.9.8 is available. The final release for 4.9.8 is still scheduled for July 31 so begin making plans to get it into your Change Management schedule.
Other Security News
Multiple vulnerabilities were patched, including a potential Remote Code Execution, in the latest updates from Gitlab. The updates cover version 11.0, 10.8 and 10.7 of the Community Edition and Enterprise Edition.