New Vulnerabilities in Popular WordPress Plugins


In case you missed the news release about the high profile plugin vulnerabilities on Word Press, we would like to bring them to your attention now and encourage you to update to the latest version immediately if not sooner.

Fast Secure Contact Form (over 400,000 installs) version 4.0.37 and earlier contain an XSS vulnerability that was publicly announced on October 27th. This was fixed in version 4.0.38. Upgrade immediately if you haven’t already. This is one of the most popular plugin and this is not a breach you want open to your site.

Bulletproof Security (over 100,000 installs) version .52.4 contains a XSS vulnerability that was publicly announced 2 weeks ago. Upgrade to the latest version which fixes the issue right away.

Blubrry PowerPress podcasting plugin (over 50,000 installs) version 6.0.4 and earlier contains an XSS vulnerability publicly announced on October 27th.  Update plugin as soon as fix is available.

Form Manager version (with over 30,000 installs) 1.7.2 and earlier contain an unauthenticated remote command execution (RCE) vulnerability published on October 23rd. This was fixed in 1.7.3.  Upgrade immediately.

WordPress Files Upload (close to 10,000 installs) version 3.4.0 and earlier allowed a malicious executable file to be uploaded and executed. This has been fixed in 3.4.1 which was released 13 days ago. Make sure you update this right away!

Crony Cronjob Manager 0.4.4 (just over 2000 installs) contained an XSS and CSRF vulnerability. The fix was released last month but it was just publicly announced last week. Do not delay in updating this plugin on your site.

As always, if we can assist you in any way..please reach out to us!


George J. Gingras <><
Senior Network Engineer
Queen City Business Networks, LLC.
859-525-9898 – Office

Using What We Know To Help Your Business Grow

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.