20170609 Vulnerable Plugins/Themes Report, WordPress 4.8

Last week’s report.

Sorry for not getting this out on Friday. Last week was… crazy.  And Friday ended up being way busier than I anticipated.


There are four plugins this week (Count per Day, WP Testimonials, Skype Legacy Buttons, WP Posts Carousel) with known issues but no fixes currently available.  WP Testimonials hasn’t been updated for four or five years, so it’s probably safe to say it isn’t going to be updated.  If you’re using it, you should consider finding a replacement.  The other item I want to draw attention to is the Eduma Education Theme.  Since it isn’t the WordPress plugin repository, I’m unsure if you receive an admin notification about the update.  If you’re using Eduma, please make sure you update.

WordPress News

The big news last week was the release of WordPress 4.8 “Evans”.  There were no security fixes in this release (at least not according to the changelog), but it does include 225 bug fixes and numerous user interface improvements.  The biggest one includes the introduction of Image, Video Audio and Rich Text Widgets.  These new widgets will allow your end users to add media and formatted text to widget areas, where before they would have had to know HTML.  They also added a REST API endpoint for the new media widgets, which opens up the possibilities for even more media-focused widgets. If you haven’t already, definitely upgrade.