Last week we have several high profile plugin vulnerabilities we\u2019d like to bring your attention to. If you are using one of these plugins, upgrade to the fixed version immediately.<\/p>\n
<\/p>\n
Fast Secure Contact Form<\/a>\u00a0(400,000+ active installs) version 4.0.37 and earlier contain an XSS vulnerability that was\u00a0publicly announced<\/a>\u00a0on October 27th. This was fixed in version 4.0.38. Upgrade immediately if you haven\u2019t already. Note that this plugin is very popular with over 400,000 active installs.<\/p>\n Bulletproof Security<\/a>\u00a0(100,000+ active installs) version .52.4 contains a\u00a0XSS vulnerability<\/a>that was publicly announced 2 weeks ago. Please upgrade to the newest version which fixes the issue if you haven\u2019t already.<\/p>\n Blubrry PowerPress podcasting plugin<\/a>\u00a0(50,000+ active installs) version 6.0.4 and earlier contains an\u00a0XSS vulnerability<\/a>\u00a0publicly announced on October 27th. \u00a0Upgrade as soon as possible.<\/p>\n Form Manager version<\/a>\u00a0(30,000+ active installs) 1.7.2 and earlier contain an unauthenticated remote command execution (RCE) vulnerability published\u00a0on October 23rd<\/a>. This was fixed in 1.7.3. \u00a0Upgrade as soon as possible.<\/p>\n WordPress Files Upload<\/a>\u00a0(10,000+ active installs) version 3.4.0 and earlier allowed a malicious executable file to be uploaded and executed. This has been fixed in 3.4.1 which was released 13 days ago. Please upgrade immediately if you haven\u2019t already.<\/p>\n Crony Cronjob Manager 0.4.4<\/a>\u00a0(2000+ active installs) and earlier contained an\u00a0XSS and CSRF vulnerability<\/a>. The fix was released several weeks ago but it was publicly announced 15 days ago. If you haven\u2019t upgraded this plugin, please do so immediately.<\/p>\n