20170310 WordPress Vulnerable Plugins/Themes Report

You should have already noticed that WordPress released the 4.7.3 update on Monday. Version 4.7.3 addresses six security vulnerabilities (one of which was discovered by my buddy Delta!) in addition to 39 bug fixes. Equally important, security patches were issued for all WordPress branches back to version 3.7. If you are running any version of WordPress from 3.7 forward, you should update immediately, as there are now attacks in the wild targeting the vulnerabilities that were corrected.

If you are on an older version, please strongly consider upgrading to a more current branch. While I applaud the WordPress team for patching all branches back to 3.7, you can’t rely on them supporting those older branches moving forward. Staying up-to-date is one of the most important ways to protect your site. The WordPress development team has done an amazing job of ensuring backwards compatibility, so unless you have made changes to the core WordPress files, there is a strong chance you can update to the latest version without incident. If you’re unsure about updating, please reach out to me and let’s see if we can get you updated.

I had hoped this week’s report would be quieter, but instead it includes five unauthenticated arbitrary file upload disclosures. PLEASE remove or update these plugins immediately.

This week’s report.