WordPress latest security fixes.

Stay informed about the latest vulnerabilities in WordPress plugins and themes: @nintechnet


July 16, 2019

Coming Soon Page & Maintenance Mode



WordPress “Coming Soon Page & Maintenance Mode” plugin (7,000+ installations) fixed stored XSS vulnerability. Update to v1.8.2.

[Vulnerability disclosure]


July 5, 2019

Ocean Extra


WordPress “Ocean Extra” plugin (400,000+ installations) fixed security issue. Update to v1.5.9.

[Vulnerability disclosure]


June 27, 2019

Block wp-login



WordPress “Block wp-login” plugin (500+ installations) fixed unauthenticated options change vulnerability. Update to v1.3.1.


June 26, 2019

LiveChat – WP live chat plugin for WordPress



WordPress “LiveChat – WP live chat plugin for WordPress” plugin (20,000+ installations) fixed security issue. Update to v3.7.4.

Advanced Classifieds & Directory Pro



WordPress “Advanced Classifieds & Directory Pro” plugin (4,000+ installations) fixed security issue. Update to v1.7.0.

Import users from CSV with meta



WordPress “Import users from CSV with meta” plugin (30,000+ installations) fixed CSRF issue. Update to v1.14.2.1.

Ads for WP – Advanced Ads & Adsense Solution for WP & AMP



WordPress “Ads for WP – Advanced Ads & Adsense Solution for WP & AMP” plugin (2,000+ installations) fixed CSRF issue. Update to v1.8.


June 24, 2019

Custom 404 Pro



WordPress “Custom 404 Pro” plugin (10,000+ installations) fixed reflected XSS. Update to v3.2.8.


June 21, 2019

Facebook for WooCommerce

WordPress “Facebook for WooCommerce” plugin (200,000+ installations) fixed CSRF vulnerability. Update to v1.9.14.


June 19, 2019

Shortlinks by Pretty



WordPress “Shortlinks by Pretty” plugin (200,000+ installations) fixed stored XSS and CSV injection vulnerabilities. Update to v2.1.10.

[Vulnerability disclosure]


June 18, 2019

WordPress SEO Plugin – Rank Math



WordPress “WordPress SEO Plugin – Rank Math” plugin (50,000+ installations) fixed security issues. Update to v1.0.27.


June 17, 2019

Facebook Messenger Customer Chat

WordPress “Facebook Messenger Customer Chat” plugin (20,000+ installations) fixed CSRF vulnerability. Update to v1.3.


June 16, 2019

LionScripts: IP Blocker Lite



WordPress “LionScripts: IP Blocker Lite” plugin (3,000+ installations) fixed security issues. Update to v10.5.


June 15, 2019

WebP Express



WordPress “WebP Express” plugin (20,000+ installations) fixed CSRF vulnerability. Update to v0.14.1.


June 14, 2019

WP-Members Membership



WordPress “WP-Members Membership” plugin (80,000+ installations) fixed minor CSRF vulnerability. Update to v3.2.8.


June 12, 2019

Easy Digital Downloads



WordPress “Easy Digital Downloads” plugin (60,000+ installations) fixed stored XSS vulnerability. Update to v2.9.16.


June 10, 2019

WordPress Download Manager



WordPress “Download Manager” plugin (100,000+ installations) fixed security issues. Update to v2.9.97.


June 03, 2019

WP Google Maps



WordPress “WP Google Maps” plugin (400,000+ installations) fixed minor CSRF vulnerability. Update to v7.11.28.


May 31, 2019

Crelly Slider



WordPress “Crelly Slider” plugin (20,000+ installations) fixed arbitrary file upload vulnerability. Update to v1.3.5.

[Vulnerability disclosure]


May 26, 2019

Affiliates Manager



WordPress “Affiliates Manager” plugin (10,000+ installations) fixed vulnerabilities. Update to v2.6.6.


May 25, 2019

Related YouTube Videos

WordPress “Related YouTube Videos” plugin (6,000+ installations) fixed vulnerabilities. Update to v1.9.9.


May 22, 2019

Woocommerce User Email Verification



WordPress “Woocommerce User Email Verification” plugin (6,000+ installations) fixed vulnerability. Update to v3.4.0.


May 21, 2019

Chaty

WordPress “Chaty” plugin (6,000+ installations) fixed security issues. Update to v2.0.6.


May 20, 2019

Slimstat Analytics



WordPress “Slimstat Analytics” plugin (100,000+ installations) fixed potential XSS vulnerability. Update to v4.8.1.

Sticky Menu on Scroll – myStickymenu



WordPress “Sticky Menu on Scroll – myStickymenu” plugin (60,000+ installations) fixed security issue. Update to v2.1.5.

WP Maintenance Mode



WordPress “WP Maintenance Mode” plugin (600,000+ installations) fixed potential XSS vulnerability. Upgrade to v2.2.4.


May 18, 2019

SAML SP Single Sign On



WordPress “SAML SP Single Sign On” plugin (3,000+ active installations) fixed -again- several vulnerabilities. Update to v4.8.73.


May 17, 2019

Live Chat with Facebook Messenger

WordPress “Live Chat with Facebook Messenger” plugin (30,000+ active installations) fixed stored XSS vulnerability. Update to 1.4.5.

[Vulnerability disclosure]

WP Live Chat Support



WordPress “WP Live Chat Support” plugin (60,000+ active installations) fixed critical vulnerabilities. Update to 8.0.28.

[Vulnerability disclosure]


May 16, 2019

FV Flowplayer Video Player



WordPress “FV Flowplayer Video Player” plugin (40,000+ active installations) fixed 2 new vulnerabilities. Update to v7.3.15.727.

SAML SP Single Sign On



WordPress “SAML SP Single Sign On” plugin (3,000+ active installations) fixed CSRF vulnerability. Update to v4.8.71.


May 15, 2019

WP Live Chat Support



WordPress “WP Live Chat Support” plugin (60,000+ active installations) fixed several vulnerabilities. Update to 8.0.27.


May 14, 2019

Give – Donation Plugin and Fundraising Platform



WordPress “Give – Donation Plugin and Fundraising Platform” plugin (60,000+ installs) fixed minor XSS vulnerability. Update to v2.4.7.

FV Flowplayer Video Player



WordPress “FV Flowplayer Video Player” plugin (40,000+ active installations) fixed XSS vulnerability. Update to v7.3.13.727.


May 13, 2019

Photo Gallery by 10Web



WordPress “Photo Gallery by 10Web” plugin (300,000+ active installations) fixed authenticated stored XSS. Update to 1.5.23.


May 08, 2019

Register IPs



WordPress “Register IPs” plugin (3,000+ installs) fixed stored XSS vulnerability. Update to 1.8.1.


May 07, 2019

WP Booking System



WordPress “WP Booking System” plugin (9,000+ installs) fixed SQLi vulnerability. Update to 1.5.2.


May 02, 2019

All-in-One Event Calendar



WordPress “All-in-One Event Calendar” plugin (100,000+ installs) fixed XSS vulnerability. Update to version 2.5.39.


May 01, 2019

Shortlinks by Pretty Links



WordPress “Shortlinks by Pretty Links” plugin (200,000+ installs) just fixed a security issue. Update to v2.1.9.


April 26, 2019

User Submitted Posts



WordPress “User Submitted Posts” plugin (30,000+ installations) fixed arbitrary file upload vulnerability. Update to v20190501.

[Vulnerability disclosure]


April 23, 2019

WP Job Manager



WordPress “WP Job Manager” plugin (100,000+ active installations) fixed a minor security issue. Update to 1.32.3.


April 19, 2019

A2 Optimized WP



WordPress “A2 Optimized WP” plugin (40,000+ active installations) just fixed a security issue. Update to 2.0.10.9.