Update WordPress Plugins – Week of February 26

Another week gone and more WordPress vulnerabilities to report.  See US-CERT Bulletin (SB18-064) for more information.

This week it’s two VERY popular plugins (1M active Installations), both of which I use on almost all of my websites.

The first is iThemes Security.  The plugin versions before 6.9.1 for WordPress do not properly perform data escaping for the logs page.

update wordpress plugins

The second is NextGen Gallery from Imagely.  Versions of nextgen-gallery plugin before 2.2.50 for WordPress do not secure gallery paths.

 

update wordpress plugins

 

As usual, if you are using these plugins, make sure you are using the most up-to-date versions.  Always update WordPress plugins!  They are the greatest source of potential attacks.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top
Call now!