Another week gone and more WordPress vulnerabilities to report. See US-CERT Bulletin (SB18-064) for more information.
This week it’s two VERY popular plugins (1M active Installations), both of which I use on almost all of my websites.
The first is iThemes Security. The plugin versions before 6.9.1 for WordPress do not properly perform data escaping for the logs page.
As usual, if you are using these plugins, make sure you are using the most up-to-date versions. Always update WordPress plugins! They are the greatest source of potential attacks.