The Wordfence Team has announced three fresh security vulnerabilities for popular and widely used WordPress plugins – Happy New Year!
Updates for the following plugins have been released, and all website administrators should upgrade to the latest release builds ASAP. We have updated the affected plugins for any Imagine Monkey clients who were utilizing them, as part of our optional website security plan.
The following WordPress plugin versions have been found to be exploitable by the WordFence security team:
-
The popular Pods content development framework for WordPress has a XSS and CSRF vulnerability.
-
The cformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload.
-
The Banner Effect Header plugin has a XSS and CSRF vulnerability .
You can find out more technical details by jumping to the WordFence article.
