20170512 Vulnerable Plugins Report, WordPress 4.8

Vulnerable Plugins

This week’s vulnerability report.

This week’s report is fairly light, with no major critical issues. Given the report’s light reading, I would encourage you to read Wordfence’s post from this week on “22 Abandoned WordPress Plugins with Vulnerabilities” as it highlights a major area of concern when it comes to WordPress: communicating to users that a vulnerability exists in a plugin they are using. Please look over the list and make sure you aren’t using any of the ones listed, and if you are, start looking for alternatives.


Last Saturday the WordPress version 4.8 release date was announced: June 8th. Beta 1 should be available later today, with the Release Candidate targeted for May 25th. 4.8 is the first major version released in 2017, and is a stepping-stone toward releasing the new Gutenberg editor in WordPress. In addition, it should include a new WYSIWYG widget and several media widgets.


If you use wpDirAuth, please note that I released a fairly substantial upgrade yesterday. The biggest changes were the addition of several hooks that can be used to modify/extend wpDirAuth to your institution’s specific requirements without having to modify the plugin directly. I also added a cookie expiration setting into the settings area so you can more easily change the one hour default to something else without having to add code to your theme’s functions file.