WordPress plugin vulnerabilities are being exploited, and hackers did not take a break over the holiday season. Here is a quick roundup of the most important vulnerabilities currently being tracked that you should be aware of:
- The popular Pods content development framework for WordPress has an XSS and CSRF vulnerability, which was fixed in version 2.5, released December 30th. Please upgrade immediately if you have not already done so.
- The cformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload. If you’re using this plugin, please upgrade immediately to version 14.8, which contains a fix. (The plugin has approximately 20,000 downloads.)
- The Banner Effect Header plugin has an XSS and CSRF vulnerability. This has been fixed in version 1.2.7, so upgrade if you’re using this plugin. (The plugin has approximately 20,000 downloads.)
Please upgrade immediately if you are using any of these plugins.