Get Announcements delivered to your Inbox! Subscribe to the Announcements list

Ninja Forms < 3.4.27.1 - CSRF
WPBakery Page Builder < 6.4.1 - Authenticated Stored Cross-Site Scripting (XSS)

An XSS vulnerability has been discovered in the WP Bakery Page Builder (previously Visual Composer) plugin. Details on this vulnerability are available here: WPBakery Page Builder < 6.4.1 - Authenticated Stored Cross-Site Scripting (XSS) WordFence - Vulnerability Exposes Over 4 Million Sites Using WPBakery Due to the prevelance of the ...

MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)
Multiple Plugins - Cross-Site Request Forgery (CSRF)

Multiple Plugins - Cross-Site Request Forgery (CSRF)

Many plugins are affected. Included in updates to WP NET customers:

  • Easy Testimonials
  • Woody ad snippets – Insert Header Footer Code, AdSense Ads
  • Feed Them Social – for Twitter feed, Youtube, Pinterest and more

 

ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings
Widespread DDoS Attacks Affecting Some Customers

A number of our upstream providers are experiencing on-going DDoS attacks on their networks. This is adversely affecting network performance, latency and stability.

As a result, some WP NET customers are experiencing intermittent connection problems to some of our NZ-based web servers.

Please see our Server Status page for updates.

Updating to WordPress 5.5.x

Over the next few days we will begin rolling out WordPress 5.5.1 to our Managed WordPress customers. WordPress 5.5 includes a number of great new features: Performance improvements Built in XML Sitemaps Auto-update for plugins and themes You can now update plugins by uploading a .zip file Block Editor improvements Some welcome developer ...

Elementor < 2.9.14 - Authenticated Stored Cross-Site Scripting
UPDATED: File Manager Vulnerabilities

UPDATED 2.9.2020: A new vulnerability has been discovered in the File Manager plugin: File Manager < 6.9 - Arbitrary File Upload leading to RCE. This is a very serious zero-day vulnerability, meaning it is being actively exploited on active installations. Please share this information as widely as possible; any users of this plugin should ...

Autoptimize < 2.7.7 - Authenticated Arbitrary File Upload