WordPress Security Plugin Vulnerabilities for Oct 30th

This is a WordPress security report for Oct 30th 2014. We are publishing a list of current critical vulnerabilities that we want to draw your attention to. Please scan the list below and if you are using any of the products listed, or if you are aware of anyone using the products listed, please take the appropriate action which we include in each bullet point below.

If you are using any of these plugins, please take the action suggested in the bullet point above. Help spread the word to improve WordPress security for the WordPress community.

Did you enjoy this post? Share it!


  • Thank you for the information! Are these plugins all still being worked on or are some of them abandoned like Rich Counter?

    • Hi Max. Looks like Rich Counter is the only one that may have been abandoned. All the others have been updated within the last month and many were updated today.

  • Hi all.

    Please note that if you update to WP Google Maps 6.0.28 or higher, you will not be affected. Most users have already updated.

    Thank you to Htbridge who helped find the vulnerability. We fixed this issue in a matter of days and we are ensuring to the best of our ability that this doesn't happen again in future versions.

    Kind regards

    • Thanks very much for weighing in Nick. Please contact me at mark at wordfence dot com in future if you have any questions/comments, want to discuss disclosure or just want to say hi!!


      Mark - Wordfence Founder & CEO.

  • I have to say that this is great stuff that you guys are doing in alerting people to vulnerabilities. From past experience, I know that this takes a lot of work, and can be very time consuming. The key to the vulnerabilities is getting them recognized and fixed quickly. You are providing a very valuable service to the web public by putting out the announcements. The key to everything being 'timely'. I once remember getting a call, around 4:00 am, from a certain office, located in a big white bldg. in Washington, DC, which is surrounded by fences and guard shacks. They wanted to know if I knew anything about the worldwide virus alert that CNN was just broadcasting on tv. Nope, I was sleeping, having a nice dream until the phone rang!

  • I am now locked out of my own site and cannot get back in. I filled out my e-mail address to get sent an unlock key and it hasn't arrived. I use your product on several blogs but will disable it unless this is resolves quickly. Thank you!

  • What about Google Maps Widget plugin - that cool?