≡ Menu

Three new WordPress plugin security breaches – is your site affected?

One of the nice things about having your website managed for you is that you don’t have to worry about keeping your site up to date.

We’re big WordPress fans, and one of the third-party plugins we always install on customer sites is the security plugin from Wordfence.

If you manage your own WordPress site here are three newly identified vulnerabilities in WordPress plugins along with the recommended course of action:

Complete Gallery Manager 3.3.3
This Plugin contains a remotely exploitable file upload vulnerability. The vendor, Code Canyon recently released a fix. You should immediately upgrade to version 3.3.4 which contains a fix for this serious vulnerability.

Lazy SEO version 1.1.9.
If you’re still running version 1.1.9 of this plugin – be aware that a shell upload vulnerability has been identified. You should update to the most recent version of Lazy SEO which is 1.4.1.

NoSpamPTI plugin.
This plugin is deprecated and is no longer maintained by the developer, but an SQL injection vulnerability has been discovered. It’s recommend that you uninstall it and find an alternative plugin.

Our thanks to the team at wordfence.com for this important information.

{ 0 comments… add one }

Leave a Comment