Three new WordPress plugin vulnerabilities and what to do about them

WordFence reports three new WordPress plugin vulnerabilities. These security related issues should be resolved as soon as possible.

The plugin Complete Gallery Manager 3.3.3 contains a remotely exploitable file upload vulnerability. Code Canyon, the vendor, recently released a fix. Immediately upgrade to 3.3.4 which contains a fix for this serious vulnerability.

A shell upload vulnerability has emerged in an older version of Lazy SEO version 1.1.9. Make sure you’re running the newest version of this plugin which is 1.4.1.

An SQL injection vulnerability has emerged in the NoSpamPTI plugin. This plugin is deprecated and is no longer maintained by the developer so we recommend you uninstall it and find an alternative.

Wordfence is a CyberSecurity solution for WordPress providing anti-virus and firewall protection for WordPress installed web sites.