Eleven disclosures since last week, with three issues unfixed, one unknown.
View this week’s vulnerable plugins list.
Far and away the most serious issue this last week was a combined set of vulnerabilities in the WP GDPR Compliance plugin that could allow attackers to add themselves to a site as an administrator and/or install backdoor code into a site. This vulnerability is being actively exploits in the wild, so if you are using this plugin, you need to immediately upgrade to version 1.4.4. Mikey Veenstra over at Defiant/Wordfence has a great write-up on the attacks they were seeing against sites they protect.
Other WordPress News
The original November 19th release date for WordPress version 5.0 has been pushed back to November 27. Instead, RC1 will now be released on the 19th. While I would personally like to see this pushed back even further (until next year), this at least gets us past Thanksgiving, Black Friday, and Cyber Monday.
A second bit of good news came out earlier this week when the core team announced they will support the Classic Editor plugin until December 31, 2021.
The Classic Editor plugin will be officially supported until December 31, 2021.
While I applaud the core team for committing to long-term support of the Classic Editor plugin, it still doesn’t address the continued accessibility issues with Gutenberg. If Gutenberg is the future, then we need to make sure it is accessible to everyone. To aid organizations (Higher Education in particular) in the evaluation of adopting Gutenberg, WPCampus is now accepting proposals from accessibility testing vendors to audit the Gutenberg editor. Results from the audit will be published to the WPCampus site. The deadline for proposal submission is November 14. If you currently work with an accessibility testing vendor, we would greatly appreciate you letting them know of our RFP.