If you use the Ninja Forms plugin and your sites aren’t set to get automatic plugin updates, add a round of updates to your weekend plans. Patchstack is reporting multiple high severity security vulnerabilities in the plugin, including the following: a POST-based reflected XSS (7.6 CVSS 3.1 score) a …
All-In-One Security (AIOS), a plugin active on more than a million WordPress sites, was found to be logging plaintext passwords from login attempts in the database and has patched the security issue in version 5.2.0. In a post titled “Cleartext passwords written to aiowps_audit_log” published to the plugin’s support forum two weeks …