PublishPress Capabilities Forced Update due to Serious Security Vulnerability
A couple of days ago a serious security issue with the PublishPress Capabilities plugin was discovered. Usually, we always try to protect our customers using our powerful WAF (Web Application Firewall) system and build rules to stop hacking attempts while leaving the update itself to the client’s preferences.
However, due to the nature of the exploit, we couldn’t protect our clients’ sites with WAF rules so, we decided to perform an emergency update on all our active installations of the plugin. Although, we do not expect any problems associated with this update (even the default WordPress system issued an update), if you notice something not working properly, feel free to contact the PublishPress Support for additional assistance!
Only plugin versions between 2.0.0 and 2.3.0 are affected by this vulnerability. That’s why our team has performed the update only on them in order to avoid any problems with the plugin’s normal operation.
PublishPress Capabilities plugin has been successfully updated on our servers. As the vulnerability was reported to affect a few other plugins and themes we have gone deeper with the investigation of the issues and have managed to create a WAF rule that is protecting against possible exploits of this particular vulnerability.