
PublishPress Capabilities Forced Update due to Serious Security Vulnerability
1 min read • Hristo Pandjarov

A couple of days ago, a serious security issue was discovered in the PublishPress Capabilities plugin. Usually, we try to protect our customers with our powerful WAF (Web Application Firewall) system by building rules that stop hacking attempts, while leaving the update itself to the client’s preferences.
However, due to the nature of the exploit, we couldn’t protect our clients’ sites with WAF rules, so we decided to perform an emergency update on all our active installations of the plugin. Although we do not expect any problems associated with this update (even the default WordPress system issued an update), if you notice something not working properly, feel free to contact PublishPress Support for additional assistance!
Who’s Affected?
Only plugin versions between 2.0.0 and 2.3.0 are affected by this vulnerability. That’s why our team has performed the update only on them in order to avoid any problems with the plugin’s normal operation.
UPDATE
The PublishPress Capabilities plugin has been successfully updated on our servers. As the vulnerability was reported to affect a few other plugins and themes, we investigated the issue further and have managed to create a WAF rule that protects against possible exploits of this particular vulnerability.