Get Announcements delivered to your Inbox! Subscribe to the Announcements list

Divi, Extra, Divi Builder < 4.0.10 - Authenticated Code Injection

ElegantThemes (divi, extra, divi-builder < 4.0.10) - Authenticated Code Injection - fixed in version 4.0.10 Important Notes for Divi Users  All Managed WordPress sites that meet the following criteria have been updated to the latest version (4.0.11 at time of writing): Div or Extra theme or Divi Builder plugin installed Is already at ...

WooCommerce Conversion Tracking < 2.0.5 - CSRF to XSS

WooCommerce Conversion Tracking < 2.0.5 - CSRF to XSS

All Managed WordPress site have been updated.

Duplicate Post plugin security update deployed

All WP NET Managed WordPress sites running the very popular Duplicate Post plugin have been updated to the latest version, v3.2.4.

Duplicate Post <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS) --  fixed in version 3.2.4

 

Christmas 2019 Support Hours

WP NET will be kicking back, enjoying a little sunshine over the Christmas and New Year period. We're taking a slightly longer break than usual through early January, but our support staff are still available, though response times will be slower than usual.  Of course, all hosting services, backups, security scans and everything else continues ...

WordPress 5.3.1 and 5.2.5 deployed

The latest point-release patches for WordPress core have been deployed to all Managed WordPress sites. Sites already on 5.3.x have been updated to 5.3.1 Sites on 5.2.x have been updated to 5.2.5 Information on this update is available here: https://wpvulndb.com/wordpresses/53 We will begin deploying the 5.3.1 update for users on 5.2.x in ...

Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code

Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code

All Managed WordPress site will be updated automatically.

Bridge Theme <= 18.2 - Open Redirect

Bridge Theme <= 18.2 - Open Redirect

All Managed WordPress sites will be updated automatically.

Tidio Live Chat <= 4.1.0 CSRF to Stored XSS
YIT Plugin Framework <= 3.3.8 - Multiple Vulnerabilities

All Managed WordPress sites will be updated automatically

  • YIT Plugin Framework <= 3.3.8 - Authenticated Plugin's Settings Change -- fixed in version 2.2.14
  • YITH WooCommerce Wishlist <= 2.1.2 - Authenticated SQL Injection -- fixed in version 2.2.0
  • Yith-woocommerce-order-tracking
  • Yith-woocommerce-ajax-search

Bridge Theme <= 18.2 - Open Redirect

Bridge Theme <= 18.2 - Open Redirect

All Managed WordPress sites updated automatically.