A security warning was released today about three WordPress plugins that have vulnerabilities and should be updated or replaced. Check below for the recommended action to take if you’re using Complete Gallery Manager 3.3.3 from Code Canyon, Lazy SEO v1.1.9 or NoSpamPTI plugins.
- The plugin Complete Gallery Manager 3.3.3 contains a remotely exploitable file upload vulnerability. The vendor, Code Canyon recently released a fix. Immediately upgrade to 3.3.4 which contains a fix for this serious vulnerability.
- A shell upload vulnerability has emerged in an older version of Lazy SEO version 1.1.9. Make sure you’re running the newest version of this plugin which is 1.4.1.
- An SQL injection vulnerability has emerged in the NoSpamPTI plugin. This plugin is deprecated and is no longer maintained by the developer so we recommend you uninstall it and find an alternative.
