Fifteen disclosures since last week, with zero issues unfixed.
View this week’s vulnerable plugins list.
Four issues are critical and should be updated immediately:
- Redirection for versions 3.6.2 and earlier has a potential remote code execution vulnerability
- Toolset Type for versions 2.3.3 and earlier has a privilege escalation vulnerability
- WooCommerce for versions 3.4.5 and earlier has both a privilege escalation and remote code execution vulnerabilities
Other Security News
For those who use the Chamilo e-Learning LMS, 1.11.6 was released to address multiple SQL injection vulnerabilities and multiple cross-site scripting vulnerabilities. Adding to the breach numbers for 2018, Quora announced this week it had been breached exposing information (hashed passwords, full names, email addresses, data imported from linked networks, direct messages, answer requests, and downvotes) on roughly 100 million of its users. While less severe in the type of data exposed, Humble Bundle also announced this week that it too had been breached. Luckily, the only information exposed was subscription status for queried accounts. If should have been contacted by the companies if your account was affected.