Here is what we have been doing to keep your website secure from WordPress plugin vulnerabilities this week:

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

• Arbitrary file upload vulnerability in WP Mobile Detector
• Authenticated arbitrary file upload vulnerability in Magic Fields
• Arbitrary file upload vulnerability in BePro Listings
• Post deletion vulnerability in BePro Listings
• Cross-site request forgery (CSRF)/cross-site scripting vulnerability in Viddler WordPress plugin

Plugin Vulnerabilities We Helped Get Fixed This Week

• Arbitrary file upload vulnerability in WP Mobile Detector

 

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

• Persistent cross-site scripting (XSS) vulnerability in Live Forms, discovered by SecuBeastTeam
• Authenticated arbitrary file upload vulnerability in Magic Fields, discovered by us
• Arbitrary file upload vulnerability in BePro Listings, discovered by us
• Post deletion vulnerability in BePro Listings, discovered by us
• Cross-site request forgery (CSRF)/cross-site scripting vulnerability in Viddler WordPress plugin, discovered by us

Additional Vulnerabilities Added This Week

• Reflected cross-site scripting (XSS) vulnerability in wpDiscuz, discovered by Kacper Szurek
• Information disclosure vulnerability in Stream, discovered by James Golovich
• Abitrary file upload vulnerability in WP Mobile Detector, discovered by us