Get Announcements delivered to your Inbox! Subscribe to the Announcements list

Security Update: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read

A serious security vulnerability has been discovered in the W3 Total Cache WordPress plugin. Affected versions are v0.9.2.6 - 0.9.3.

You can read about this vulnerability, here.

No vulnerable versions of this plugin have been detected on any WP NET Managed WordPress sites.

Security Update: Duplicate Page <= 3.3 - Authenticated SQL Injection

A serious security vulnerability has been discovered in the Duplicate Page WordPress plugin. Affected versions are v3.3 and below.

You can read about this vulnerability on the Sucuri Blog.

No vulnerable versions of this plugin have been detected on any WP NET Managed WordPress sites.

Security Update: WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

An unauthenticated SQL injection vulnerability has been revealed in the WP Google Maps plugin.

Affected versions are 7.11.00 -> 7.11.17. The issue is fixed in version 7.11.18.

All Managed WordPress sites will be updated automatically.

Security Update: Give <= 2.3.0 - Cross-Site Scripting (XSS)

The Give plugin has an XSS vulnerability affecting versions 2.3.0 and below. The issue is fixed in version 2.3.1.

All Managed WordPress sites will be updated automatically.

Security Update: KingComposer - Cross-Site Scripting (XSS)

An XSS vulnerability has been discovered in the KingComposer plugin. Affected versions are v2.7.6 and below.

All WP NET Managed WordPress sites will be updated automatically.

Security Update: Easy WP SMTP and Social Warfare

There has been a lot of activity online about two recently discovered, serious security vulnerabilities in the Easy WP SMTP and Social Warfare plugins.

WP NET support scanned all our Managed WordPress sites several days ago and no vulnerable versions of either plugin were found on any of our servers.

Security Update: WP Google Maps <= 7.10.41 - Cross-Site Scripting (XSS)

An important security update for WP Google Maps has been released. The issue is fixed in version 7.10.43.

All Managed WordPress sites will be updated automatically.

PHP 7.0 no longer available on MWP servers

We have today completed upgrading all shared-server Managed WordPress (MWP) sites from PHP 7.0, to either PHP 7.1 or 7.2. PHP 7.0 reached end-of-life on Dec 2, 2018, and is no longer supported. To complete this process, we have now removed the PHP 7.0 runtime from all MWP servers. We are continuing with our work to upgrade all remaining site's ...

Security Update: WP Fastest Cache <= 0.8.9.0 - Unauthenticated Arbitrary File Deletion

A security update has been released for the WP Fastest Cache  plugin. This update fixes an arbitrary file deletion vulnerability.

All Managed WordPress sites will be updated automatically.

Managed WordPress Sites Updated to WordPress 5.1

All Managed WordPress sites on shared-servers have now been updated to WordPress 5.1. There are significant changes in WordPress since version 4.9.9 (namely, the new Block Editor) and while we have carefully tested these updates, there's always a chance that there will be some unexpected issues. Therefore, we ask that you check your sites and ...