This week we have several high-profile plugin vulnerabilities we’d like to bring to your attention. If you are using one of these plugins, upgrade to the fixed version immediately.

Fast Secure Contact Form (400,000+ active installs) version 4.0.37 and earlier contains an XSS vulnerability that was publicly announced on October 27th. This was fixed in version 4.0.38. Upgrade immediately if you haven’t already. Note that this plugin is very popular, with over 400,000 active installs.

Bulletproof Security (100,000+ active installs) version .52.4 contains an XSS vulnerability that was publicly announced 2 weeks ago. Please upgrade to the newest version, which fixes the issue, if you haven’t already.

Blubrry PowerPress podcasting plugin (50,000+ active installs) version 6.0.4 and earlier contains an XSS vulnerability publicly announced on October 27th. Upgrade as soon as possible.

Form Manager (30,000+ active installs) version 1.7.2 and earlier contains an unauthenticated remote command execution (RCE) vulnerability published on October 23rd. This was fixed in 1.7.3. Upgrade as soon as possible.

WordPress Files Upload (10,000+ active installs) version 3.4.0 and earlier allowed a malicious executable