Thirteen disclosures since last week, with three issues unfixed.
View this week’s vulnerable plugins list.
Other WordPress Security News
Version 5.0.1 was released earlier this week and corrects seven issues. If you have not upgraded to version 5.0 yet, fixes for all version back to 3.7 are available.
Other Security News
As a PSA, a new spam extortion email is making the rounds. This one is particularly troublesome as it attempts to convince the recipient that the extortionist has placed a bomb in their building. And it also appears to be targeting Universities. If you receive the email, report it to your organization’s security team.
Version 4.8.4 of phpMyAdmin was released to address an Authenticated Local File Inclusion vulnerability.