August was a fairly light month for WordPress security. Let’s start with what Packet Storm Security reported on.
- WordPress Wordfence 3.8.1 Cross Site Scripting
- WordPress Encrypted Blog 0.0.6.2 XSS / Open Redirect
- WordPress silverOrchid Cross Site Scripting
- WordPress Simple Login Registration 1.0.1 Cross Site Scripting
- WordPress Post-Gallery Cross Site Scripting
- WordPress Video Whisper Cross Site Scripting
- WordPress BackWPup 3.0.12 Cross Site Scripting
- WordPress ThinkIT 0.1 CSRF / Cross Site Scripting
- WordPress HMS Testimonials 2.0.10 XSS / CSRF
- WordPress Usernoise 3.7.8 Cross Site Scripting
- Booking Calendar 4.1.4 Cross Site Request Forgery
- WordPress Comment Extra Fields 1.7 CSRF / XSS
The only two security alerts that stood out to me were the Wordfence 3.8.1 XSS and the BackWPup 3.0.12 XSS; both are popular WordPress plugins.
Sucuri, however, had only one WordPress-related update. They announced the next version of their free WordPress plugin.
WordPress 3.6 was released just over a month ago, so if you haven’t upgraded, now is a great time to gain access to a bunch of new features. There haven’t been any announcements about WordPress 3.6.1, which is expected to be a security release, given the history of how releases are made. But no release so far is a good sign.