Here is what we have been doing to keep our customer’s websites secure from WordPress plugin vulnerabilities this week (if you haven’t signed up, what are you waiting for):

Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week

• Persistent cross-site scripting (XSS) vulnerability in 404 to 301
• Cross-site request forgery (CSRF)/user import vulnerability in Members Import

Plugin Vulnerabilities We Helped Get Fixed This Week

• Persistent cross-site scripting (XSS) vulnerability in WP-Piwik

 

Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins

• Cross-site request forgery (CSRF)/user import vulnerability in Members Import, discovered by us

Additional Vulnerabilities Added This Week

• Arbitrary file viewing vulnerability in CYSTEME Finder, discovered by t0w3ntum
• Arbitrary file upload vulnreability in CYSTEME Finder, discovered by t0w3ntum