wordpress security updates: jan 2020

WordPress Security and Maintenance Releases 5.2.4, 5.3.1, and 5.3.2.   Pagely customers were spared issues from bugs introduced in the 5.3.0 release as, due to the proximity to the holidays, we did not upgrade our customers to 5.3 until early January.   All Pagely customers received security patches for vulnerabilities identified WordPress Core before 5.2.4 for the branch and 5.3.1 for the 5.3 branch. 4 vulnerabilities found WordPress Core.   Two separate authentication bypass vulnerabilities were found InfiniteWP and WP-Time-Capsule, by WebARX.   The vulnerability allows malicious parties the ability to bypass authentication and get session via making single request to site running either plugin..   Elegant Themes self-detected and corrected insecure code in their popular plugin Divi-Builder, and themes Divi and Extra..   Elegant Themes addressed would have allowed user to execute short bits of PHP code on website.   While the ability to execute code makes this high-risk threat, the requirement that the attack has valid credentials reduces that threat significantly to medium or less risk.. **A hat tip and props are due for Elegant Theme's developers for identifying, patching, ...   I am Director of Security and Privacy here at Pagely, on these matters as Pagely customers and WordPress as whole.   Pagely is the Managed WordPress Hosting Platform designed to exceed the needs of media, business, and Enterprise customers alike.   Read more