Get Announcements delivered to your Inbox! Subscribe to the Announcements list

Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code

Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code

All Managed WordPress site will be updated automatically.

Bridge Theme <= 18.2 - Open Redirect

Bridge Theme <= 18.2 - Open Redirect

All Managed WordPress sites will be updated automatically.

Tidio Live Chat <= 4.1.0 CSRF to Stored XSS
YIT Plugin Framework <= 3.3.8 - Multiple Vulnerabilities

All Managed WordPress sites will be updated automatically

  • YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change -- fixed in version 2.2.14
  • YITH WooCommerce Wishlist <= 2.1.2 - Authenticated SQL Injection -- fixed in version 2.2.0
  • Yith-woocommerce-order-tracking
  • Yith-woocommerce-ajax-search

Bridge Theme <= 18.2 - Open Redirect

Bridge Theme <= 18.2 - Open Redirect

All Managed WordPress sites updated automatically.

Fast Velocity Minify < 2.7.7 - Full Path Disclosure
Events Manager < 5.9.6 - Stored XSS

Events Manager < 5.9.6 - Stored XSS -- fixed in version 5.9.6

All In One SEO Pack < 3.2.7 - Stored Cross-Site Scripting (XSS)
Visualizer < 3.3.1 - Blind SSRF / Stored XSS

Security updates have been installed for the following plugins:

  • Visualizer < 3.3.1 - Blind SSRF -- fixed in version 3.3.1
  • Visualizer < 3.3.1 - Stored XSS -- fixed in version 3.3.1

Easy Fancybox < 1.8.18 - Authenticated Stored XSS

Easy Fancybox < 1.8.18 - Authenticated Stored XSS

All Managed WordPress sites will be updated automatically.