Twelve disclosures since last week, with four issues unfixed. The most serious is an Arbitrary File Upload vulnerability in the plugin Slider by 10Web. It appears that the developer is trying to fix the issue, but as of right now (2:00PM CST) it remains unavailable in the public repository. You are encouraged to remove the plugin until the developer is able to correct the issue.
View this week’s vulnerable plugins list.
Other WordPress Security News
WordPress 5.1 Beta 3 was released yesterday. Due to growing security concerns, the White-Screen-of-Death protection has been removed and is now slated for inclusion in version 5.2. Version 5.1 is still scheduled for release on February 21st.