Five disclosures since last week, with four issues unfixed, the most serious being an unfixed CSV Injection vulnerability in Ninja Forms.
View this week’s vulnerable plugins list.
Other Security News
phpMyAdmin released a patch earlier this week that addresses an authenticated, stored cross-site scripting issue. Similarly, the Apache Foundation released a critical patch earlier this week for the Struts framework (yes, the same one that was used last year to breach Equifax) that addresses a remote code execution vulnerability.