PublishPress Capabilities Forced Update due to Serious Security Vulnerability

Couple of days ago a serious security issue with the PublishPress Capabilities plugin was discovered. Usually, we always try to protect our customers using our powerful WAF (Web Application Firewall) system and build rules to stop hacking attempts while leaving the update itself to the client’s preferences.

However, due to the nature of the exploit, we couldn’t protect our clients sites with WAF rules so, we decided to perform an emergency update on all our active installations of the plugin. Although, we do not expect any problems associated with this update (even the default WordPress system issued an update), if you notice something not working properly, feel free to contact the PublishPress Support for additional assistance!

Who’s Affected?

Only plugin versions between 2.0.0 and 2.3.0 are affected by this vulnerability. That’s why our team has performed the update only on them in order to avoid any problems with the plugin normal operation.

UPDATE

PublishPress Capabilities plugin have been successfully updated on our servers. As the vulnerability was reported to affect few other plugins and themes we have gone deeper with the investigation of the issues and have managed to create a WAF rule that is protecting against possible exploits of this particular vulnerability.

author avatar
Hristo Pandjarov

WordPress Initiatives Manager

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

WordPress

Start discussion