Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

3 Severe Plugin Vulnerabilities Fixed in the Last 24 Hours

This entry was posted in WordPress Security on February 9, 2016 by Mark Maunder   16 Replies

The following three plugins contain severe vulnerabilities that have all been fixed within the past 24 hours. Details of these vulnerabilities have been released to the public so they are likely already being exploited. If you use any of these plugins, upgrade immediately. Please share with the larger WordPress community.

Upgrade immediately if you use any of these and please share this information with the larger WordPress community.

To learn more about SQL injection vulnerabilities or file upload vulnerabilities, visit our WordPress Security Learning Center.

Did you enjoy this post? Share it!

16 Comments on "3 Severe Plugin Vulnerabilities Fixed in the Last 24 Hours"

Ken February 9, 2016 at 9:03 am

Thanks for the info, folks. You're doing a great service. I use Wordfence on all of my sites, and hope to upgrade to Premium one day.

Richard February 9, 2016 at 9:25 am

Thank guys.

I appreciate your information.


Mohammad Javed February 9, 2016 at 9:28 am

Thank you for raising the awareness, have advised a few people to check their plugins if they are using them.

Wayne February 9, 2016 at 9:37 am

Thanks for information! Much appreciated

Luis February 9, 2016 at 9:54 am

Thanks!! Ever since I am a WordFence (platinum) user, I sleep confidently every night!!

Dawit Solomon February 9, 2016 at 10:02 am

Thanks for your very helpfull updates.

Tony Scott February 9, 2016 at 10:07 am

Thanks so much for keeping the WP community in the loop. We find your blog and product and invaluable resource where security is concerned. Regards Tony Scott (CEO Akira Studio)

Cassandra February 9, 2016 at 10:13 am

Thank you for the info.

Riviere February 9, 2016 at 10:59 am

Thank you for all

Duncan February 9, 2016 at 12:33 pm

It's always a breath of fresh air knowing you guys (and gals) are always keeping a sharp eye out for these vulnerabilities so the rest of us can spend time where we're supposed to, tending to our business ;) I am a premium user and I know sometimes people read comments and don't know if it's just some sort of plug to sell more. Makes no difference to me what others think. I just had to let you know "I love you guys!" thanx!!!!!

mark February 9, 2016 at 1:55 pm

Thanks Duncan. Much appreciated.

Robin February 9, 2016 at 1:05 pm

Thanks for the heads up. I've used the User-Meta plugin on one of my clients websites. I'll upgrade now.

Angelo February 10, 2016 at 3:53 am

Thanks for the updates guys, so glad you are keeping an eye on these vulnerabilities!

Shawn February 10, 2016 at 10:53 am

Thanks for the heads up! Appreciate your hard work!

Dave Warfel February 10, 2016 at 1:56 pm

Really appreciate what y'all do to keep WordPress sites safe. Thanks for spreading the word about these vulnerabilities.

Adam Binder February 10, 2016 at 4:50 pm

Thanks for this timely info!

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 200 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates