Severe Vulnerability For WordPress Security In Plugins Library

By Csaba, Miklós WP Security 11 April 2019

WP Security bulletin - Plugins Library March 2019

At your next scheduled WordPress Maintenance, be informed for your WordPress Security about the latest Plugins Library Vulnerability, identified and reported publicly. As this vulnerability is already disclosed, when you keep your WP and your affected plugins outdated - your risking serious security-related breaches.

Fremius Library
- Authenticated Option Update reported by Ryan Dewhurst. The library is included with many popular plugins, such as NextGEN Gallery (1,000,000+ installs), 404 – 301 (100,000+ installs), WP Security Audit Log (80,000+ installs), and FooGallery (100,000 installs+). Freemius CEO Vova Feldman said he would classify it as “a severe vulnerability.”
  - WP Security recommendation: immediately upgrade to the latest version of the plugins used to fix the vulnerability.
  - wp-affiliate-disclosure - fixed in version 1.1.4
    404-to-301 - fixed in version 3.0.2
    buddyforms - fixed in version 2.3.2
    contact-form-7-multi-step-module - fixed in version 3.0.9
    content-aware-sidebars - fixed in version 3.8.1
    delete-duplicate-posts - fixed in version 4.1.9.5
    easy-watermark - fixed in version 0.7.1
    final-tiles-grid-gallery-lite - fixed in version 3.3.57
    foobox-image-lightbox - fixed in version 2.6.4
    foogallery - fixed in version 1.6.17
    nextgen-gallery - fixed in version 3.1.7
    addons-for-elementor - fixed in version 2.6
    livemesh-siteorigin-widgets - fixed in version 2.5.2
    mobile-menu - fixed in version 2.7.3
    popup-maker - fixed in version 1.8.3
    post-snippets - fixed in version 3.0.4
    stop-user-enumeration - fixed in version 1.3.20
    widgets-for-siteorigin
    wp-fail2ban - fixed in version 4.0.5
    wp-security-audit-log - fixed in version 3.3.1.2