Get Announcements delivered to your Inbox! Subscribe to the Announcements list

WP Statistics <= 12.6.3 - Cross-Site Scripting (XSS)

An XSS vulnerability in the WP Statistics plugin has been patched. Affected versions are 12.6.3 and below.

All Managed WordPress sites will be updated automatically.

Security Update: Popup-Maker

The Popup-Maker plugin utilises a third-party library called Fremius which has an Authenticated Option Update vulnerability.

The issue has been fix in version 1.8.3.

All Managed WordPress sites will be updated automatically.

Security Update: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated Arbitrary File Read

A serious security vulnerability has been discovered in the W3 Total Cache WordPress plugin. Affected versions are v0.9.2.6 - 0.9.3.

You can read about this vulnerability, here.

No vulnerable versions of this plugin have been detected on any WP NET Managed WordPress sites.

Security Update: Duplicate Page <= 3.3 - Authenticated SQL Injection

A serious security vulnerability has been discovered in the Duplicate Page WordPress plugin. Affected versions are v3.3 and below.

You can read about this vulnerability on the Sucuri Blog.

No vulnerable versions of this plugin have been detected on any WP NET Managed WordPress sites.

Security Update: WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection

An unauthenticated SQL injection vulnerability has been revealed in the WP Google Maps plugin.

Affected versions are 7.11.00 -> 7.11.17. The issue is fixed in version 7.11.18.

All Managed WordPress sites will be updated automatically.