Get Announcements delivered to your Inbox! Subscribe to the Announcements list

Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injections due to Duplicated Snippets

Duplicate Page and Post < 2.5.7 & WP Post Page Clone < 1.1 - SQL Injecti...

wp-post-page-clone - WP Post Page Clone -fixed in version 1.1

duplicate-wp-page-post - Duplicate Page and Post -fixed in version 2.5.7

All Managed WordPress sites have been updated.

Easy Testimonials < 3.6 - Authenticated Stored Cross-Site Scripting (XSS)

Easy Testimonials < 3.6 - Authenticated Stored Cross-Site Scripting (XSS) fixed in version 3.6 - 9.1 (Critical)

All Managed WordPress sites have been updated.

Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console

Site Kit by Google < 1.8.0 - Privilege Escalation to gain Search Console -  fixed in version 1.8.0 - 9.1 (Critical)

All Managed WordPress sites have been updated automatically.

WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products

WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products This is a low-severity issue, we will update --patch what WooCommerce sites we can. We will then contact WooCommerce users about updating. More information is available here: https://wpvulndb.com/vulnerabilities/10220 See this thread for more information on this ...

Elementor Updates

Seeing as these recent updates for the Elementor plugin have been getting a lot of attention, I thought we better quickly post something more regarding this. At time of writing, all instances of Elementor and Elementor Pro on our Managed WordPress customers sites have been updated to fix the recently discovered vulnerabilities. WP NET support ...

WordPress 5.4 Vulnerabilities Patched

WordPress vulnerabilities patched in version 5.4.1 and backported to the 5.3 branch. 2020-04-29 WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated fixed in version 5.4.1 - 3.1 (Low)2020-04-29 WordPress < 5.4.1 - Unauthenticated Users View Private Posts fixed in version 5.4.1 - 3.7 (Low)2020-04-29 WordPress < ...

Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation
Ninja Forms < 3.4.24.2 - CSRF to XSS

Ninja Forms < 3.4.24.2 - CSRF to XSS

All Managed WordPress sites have been updated.

Advanced Woo Search < 2.00 - SQL query leak in ajax search

Advanced Woo Search < 2.00 - SQL query leak in ajax search

All Managed WordPress sites have been updated automatically.

LifterLMS < 3.37.15 - Arbitrary File Writing

LifterLMS < 3.37.15 - Arbitrary File Writing

All Managed WordPress sites have been updated.