It may be a New Year, but the hackers haven’t taken a holiday. Thanks for the heads-up from the Wordfence Security team!
1. The popular Pods content development framework for WordPress has a XSS and CSRF vulnerability. This was fixed in version 2.5 which was released on 30 December. Please upgrade immediately. (plugin is popular with over 200,000 downloads)
2. The CformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload. Please upgrade immediately to version 14.8 which contains a fix if you’re using this plugin. (plugin has approximately 20,000 downloads)
3. The Banner Effect Header plugin has a XSS and CSRF vulnerability . This has been fixed in version 1.2.7 so upgrade if you’re using this plugin. (plugin has approximately 20,000 downloads)
Please use the links to download newest versions and upgrade immediately if you are using any of these plugins.
Tags: Banner Effect Header, Cforms II, hacker, plugin, Pods plugin, security alert, wordfence, Wordpress
Posted in Blog Plugins & Widgets, Blog Services, Security Issues, Wordpress | No Comments »
Leave a Comment
You must be logged in to post a comment.