The Duplicator and Duplicator-Pro plugins both contained a vulnerability that allowed attackers to make a single request to a website and download arbitrary files from the WordPress website. It's being reported that attackers are actively using this vulnerability, attempting to download files like.. Pagely customers who have not opted out received the update within 24 hours of the patch being available, and Pagely's team notified any customer with plugin updates turned off to update their installation immediately.

The Flexible Checkout Fields free plugin addon for sites running WooCommerce was being targeted with a series of vulnerabilities that, under specific circumstances, allowed remote attackers to create their own administrator accounts on an affected site. The developers of the plugin released a patch, and the Pagely team checked all sites for signs of infection, notifying customers if any action needed to take place.

By user on the site, the pricing table plugin versions before 1.8.2 included an AJAX endpoint. This vulnerability would allow anyone to modify database contents on the site and posed a high risk, as the changes they make in the database could lead to running JavaScript from within the panel.

The risk is similar to Flexible Checkout Fields, with the key difference being that this was found and reported by security researchers first and was not being exploited before the patch was made available, before the attack was weaponized.

I am the Director of Security and Privacy here at Pagely, on these matters as Pagely customers and WordPress as a whole. Pagely is the Managed WordPress Hosting Platform designed to exceed the needs of media, business, and Enterprise customers alike.