There were eight disclosures over the last two weeks, with two issues unfixed and one unknown. The disclosures that will affect the most people are the stored cross-site scripting vulnerabilities in Elegant Themes’ Divi Builder plugin, Divi theme and Extra theme. If you’re using those products, be sure to get the latest updates from Elegant Themes.
View this week’s vulnerable plugins list.
Other WordPress News
The march to WordPress 5.0 continues. Beta 2 is currently available, with Beta 3 scheduled for release today, Beta 4 on Monday, and RC on November 12. My advice is still the same as it was on October 5: install the Classic Editor plugin, install WordPress 5.0 when it is released, and then disable auto-updates while monitoring core announcements for security updates. The one change since then is that the WPCampus community has put out an RFP for an accessibility audit on Gutenberg, so I would suggest joining the WPCampus Slack workspace to stay up to date as the audit progresses and to see the results. From there, you’ll have a much better idea as to whether or not you can implement Gutenberg on your campus.
And I’m not the only one making this suggestion. The web team at NC State University has released a similar suggestion:
1. Before November 19, install and activate the Classic Editor plugin.
2. Upgrade to WordPress 5.0.
3. After January 17, review the results of the WPCampus accessibility audit.
The results of the WPCampus audit will give everyone a good starting point for deciding what comes next.
November is shaping up to be a very interesting time in the WordPress world.