20170526 Vulnerable Plugins Report

This week’s report.

Several critical vulnerabilities this week.  Of note is that all of the critical vulnerabilities are in plugins that have not been updated in more than two years.  While not having an update for two years isn’t a conclusive indicator that a plugin has been abandoned (the version of wpDirAuth from two years ago – 1.7.9 – works just fine in WordPress v4.7.5), it should give you pause.

Before selecting a plugin that hasn’t been updated recently, you should check the forums to see if the developer is still responding to users.  This should also remind all of us that we need to go back every once in awhile and reevaluate the plugins we have installed to make sure they haven’t been abandoned.