Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

WordPress Security Plugin Vulnerabilities for Oct 30th

This entry was posted in WordPress Security on October 30, 2014 by Mark Maunder   8 Replies

This is a WordPress security report for Oct 30th 2014. We are publishing a list of current critical vulnerabilities that we want to draw your attention to. Please scan the list below and if you are using any of the products listed, or if you are aware of anyone using the products listed, please take the appropriate action which we include in each bullet point below.

If you are using any of these plugins, please take the action suggested in the bullet point above. Help spread the word to improve WordPress security for the WordPress community.

Did you enjoy this post? Share it!

8 Comments on "WordPress Security Plugin Vulnerabilities for Oct 30th"

Max Pen October 30, 2014 at 3:56 pm

Thank you for the information! Are these plugins all still being worked on or are some of them abandoned like Rich Counter?

mark October 30, 2014 at 3:59 pm

Hi Max. Looks like Rich Counter is the only one that may have been abandoned. All the others have been updated within the last month and many were updated today.

Nick October 30, 2014 at 4:28 pm

Hi all.

Please note that if you update to WP Google Maps 6.0.28 or higher, you will not be affected. Most users have already updated.

Thank you to Htbridge who helped find the vulnerability. We fixed this issue in a matter of days and we are ensuring to the best of our ability that this doesn't happen again in future versions.

Kind regards
Nick

mark October 30, 2014 at 4:35 pm

Thanks very much for weighing in Nick. Please contact me at mark at wordfence dot com in future if you have any questions/comments, want to discuss disclosure or just want to say hi!!

Regards,

Mark - Wordfence Founder & CEO.

Jack October 30, 2014 at 4:34 pm

I have to say that this is great stuff that you guys are doing in alerting people to vulnerabilities. From past experience, I know that this takes a lot of work, and can be very time consuming. The key to the vulnerabilities is getting them recognized and fixed quickly. You are providing a very valuable service to the web public by putting out the announcements. The key to everything being 'timely'. I once remember getting a call, around 4:00 am, from a certain office, located in a big white bldg. in Washington, DC, which is surrounded by fences and guard shacks. They wanted to know if I knew anything about the worldwide virus alert that CNN was just broadcasting on tv. Nope, I was sleeping, having a nice dream until the phone rang!

Jason S. October 31, 2014 at 1:08 am

I am now locked out of my own site and cannot get back in. I filled out my e-mail address to get sent an unlock key and it hasn't arrived. I use your product on several blogs but will disable it unless this is resolves quickly. Thank you!

Si October 31, 2014 at 8:49 am

What about Google Maps Widget plugin - that cool?

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates