
One of the nice things about having your website managed for you is that you don’t have to worry about keeping your site up to date.

We’re big WordPress fans, and one of the third-party plugins we always install on customer sites is the security plugin from Wordfence.

If you manage your own WordPress site, here are three newly identified vulnerabilities in WordPress plugins, along with the recommended course of action:

Complete Gallery Manager 3.3.3
This plugin contains a remotely exploitable file upload vulnerability. The vendor, Code Canyon, recently released a fix. You should immediately upgrade to version 3.3.4, which contains a fix for this serious vulnerability.

Lazy SEO version 1.1.9.
If you’re still running version 1.1.9 of this plugin – be aware that a shell upload vulnerability has been identified. You should update to the most recent version of Lazy SEO which is 1.4.1.

NoSpamPTI plugin.
This plugin is deprecated and is no longer maintained by the developer, but an SQL injection vulnerability has been discovered. It’s recommended that you uninstall it and find an alternative plugin.

Our thanks to the team at wordfence.com for this important information.


Recently Yahoo! announced that they would be purging unused accounts from their database, freeing up previously unavailable email addresses.

Accounts that have not seen any user activity in twelve months will be made available for new users to stake a claim to – which is all well and good for users wanting to nab a snazzier address but it poses two problems – one of which affects businesses with an email list of subscribers, prospects or customers.

The first problem is that of security. Will the new owner be able to request ‘forgotten passwords’ from ecommerce sites and potentially be able to access private information, or even commit fraud?

Yahoo! has put in place a protocol to allow sites to check when the new owner gained control over the account. Facebook’s policy will be to bounce back emails sent to users whose accounts have not been logged into since before ownership of the email address changed.

Other sites, including many run by smaller, less well-resourced organisations, will presumably have to come up with their own policies.
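
One shape such a site policy could take, as an added example that is not from the original post or from Yahoo! or Facebook: a password-reset request for an address that has gone unconfirmed for the twelve-month window is sent to extra verification instead of being mailed a link, and outgoing reset mail carries the Require-Recipient-Valid-Since header field (RFC 7293). The domain list, function names, sender address and sample dates are assumptions, as is the receiving provider honouring the header.

```python
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage
from email.utils import format_datetime

# Assumption: illustrative set of domains whose addresses may be reassigned.
RECYCLABLE_DOMAINS = {"yahoo.com", "ymail.com"}
INACTIVITY_WINDOW = timedelta(days=365)  # the twelve months cited in the post


def reset_decision(email, last_confirmed, now):
    """Return "send" or "step_up" for a password-reset request.

    last_confirmed is the last time the account holder proved control of the
    mailbox to us (e.g. clicked a verification link), as an aware datetime.
    """
    domain = email.rsplit("@", 1)[-1].lower()
    stale = now - last_confirmed >= INACTIVITY_WINDOW
    # A stale address at a recycling provider may have a new owner, so a
    # reset link alone is not proof of identity: ask for a second factor.
    if domain in RECYCLABLE_DOMAINS and stale:
        return "step_up"
    return "send"


def build_reset_mail(email, last_confirmed, reset_url):
    """Build the reset mail, telling the receiver how long we need the
    mailbox to have had the same owner (RFC 7293 header field)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.org"  # placeholder sender
    msg["To"] = email
    msg["Subject"] = "Password reset requested"
    msg["Require-Recipient-Valid-Since"] = (
        f"{email}; {format_datetime(last_confirmed)}"
    )
    msg.set_content(f"Use this link to choose a new password:\n{reset_url}\n")
    return msg


if __name__ == "__main__":
    now = datetime(2013, 8, 1, tzinfo=timezone.utc)  # constructed sample data
    seen = datetime(2012, 6, 1, tzinfo=timezone.utc)
    print(reset_decision("user@yahoo.com", seen, now))
    print(build_reset_mail("user@yahoo.com", seen, "https://example.org/r/TOKEN"))
```
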

From a marketing perspective, the Yahoo! move is a timely reminder about list hygiene. Now would be a good time to review contacts with Yahoo! addresses that have not interacted (i.e. not opened or clicked on an email) for several months, and automatically opt them out.

Failing to do so could cause a higher than usual number of spam complaints as the new owners of the email addresses receive mail that they were not expecting, even though the original owner had genuinely opted in to your list.