The WordPress Doneren Met Mollie plugin (4,000+ active installations) fixed a broken access control vulnerability affecting version 2.8.4 and below that could lead to authenticated information disclosure.
The WordPress WP Quick FrontEnd Editor plugin (1,000+ active installations) is prone to a broken access control vulnerability affecting version 5.5 and below that could lead to authenticated content injection, stored XSS and settings change.
The WordPress Newsletter Manager plugin (5,000+ active installations) is prone to an insecure deserialization vulnerability affecting version 1.5.1 and below that could lead to unauthenticated PHP object injection.
Getting quickly informed when a security update is available in your themes or plugins is an important factor in keeping your website safe.
December 20, 2020 NinjaFirewall (WP+/WP) v4.3.1 Added a new policy to disable the “Application Passwords” feature that was introduced in WordPress 5.6. See “Firewall Policies >…