PublishPress Capabilities Forced Update due to Serious Security Vulnerability

A couple of days ago a serious security issue with the PublishPress Capabilities plugin was discovered. Usually, we always try to protect our customers using our powerful WAF (Web Application Firewall) system and build rules to stop hacking attempts while leaving the update itself to the client’s preferences.

However, due to the nature of the exploit, we couldn’t protect our clients’ sites with WAF rules so, we decided to perform an emergency update on all our active installations of the plugin. Although, we do not expect any problems associated with this update (even the default WordPress system issued an update), if you notice something not working properly, feel free to contact the PublishPress Support for additional assistance!

Who’s Affected?

Only plugin versions between 2.0.0 and 2.3.0 are affected by this vulnerability. That’s why our team has performed the update only on them in order to avoid any problems with the plugin’s normal operation.


PublishPress Capabilities plugin has been successfully updated on our servers. As the vulnerability was reported to affect a few other plugins and themes we have gone deeper with the investigation of the issues and have managed to create a WAF rule that is protecting against possible exploits of this particular vulnerability.

Access email sent!

Sign Up For
More Awesome Content!

Subscribe to receive our monthly newsletters with the latest helpful content and offers from SiteGround.


Please check your email to confirm your subscription.

author avatar

Hristo Pandjarov

WordPress Innovations Director

Enthusiastic about all Open Source applications you can think of, but mostly about WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Start discussion

Related Posts