Plugin Vulnerabilities Updates – Week of 9/16/2016
Here is what we have been doing to keep our customers’ websites secure from WordPress plugin vulnerabilities this week (if you haven’t signed up, what are you waiting for?):
Plugin Vulnerabilities We Discovered and Publicly Disclosed This Week
- Cross-site request forgery (CSRF) vulnerability in WooCommerce Product Feed
- Reflected cross-site scripting (XSS) vulnerability in Quotes Collection
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in CYSTEME Finder
Plugin Vulnerabilities Added This Week That Are In The Current Version of the Plugins
- Cross-site request forgery (CSRF) vulnerability in WooCommerce Product Feed, discovered by us
- Reflected cross-site scripting (XSS) vulnerability in Quotes Collection, discovered by us
- Cross-site request forgery (CSRF)/arbitrary file upload vulnerability in CYSTEME Finder, discovered by us
- Authenticated persistent cross-site scripting (XSS) vulnerability in Advanced ads Management by Inazo, discovered by Usman Nasir
Additional Vulnerabilities Added This Week
- Reflected cross-site scripting (XSS) vulnerability in MailPoet Newsletters, discovered by Sipke Mellema
- Privilege escalation vulnerability in WP Front End Profile, discovered by Phil Wylie