• Friday, December 7, 2018

There has been a flurry of WordPress plugins with security patches released, mostly addressing cross-site scripting vulnerabilities.

  • Redirection <= 3.6.2 - Cross-Site Request Forgery (CSRF)
  • WPForms <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS)
  • Google Analytics by Monster Insights <= 7.1.0 - Authenticated Stored Cross-Site Scripting (XSS)
  • WP Mail SMTP by WPForms <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
  • All in One SEO Pack - Authenticated Stored Cross-Site Scripting (XSS)
  • PropertyHive <= 1.4.25 - Unvalidated Input to do_action()
  • Ninja Forms <= 3.3.19 - Unauthenticated Open Redirect
  • Arigato Autoresponder and Newsletter <= 2.5.1.8 - Authenticated Blind SQL Injection & Multiple XSS
  • Ultimate Member <= 2.0.32 - Cross-Site Request Forgery (CSRF)
  • Download WP-DBManager <= 2.79.1 - Arbitrary File Delete

All WP NET Managed WordPress sites will be updated automatically.

If you experience any problems with your site after the updates, please open a support ticket.