It may be a New Year, but the hackers haven't taken a holiday


1. The popular Pods content development framework for WordPress has a XSS and CSRF vulnerability. This was fixed in version 2.5 which was released on 30 December. Please upgrade immediately. (plugin is popular with over 200,000 downloads)

2. The cformsII plugin suffers from a remote code execution vulnerability via unauthorized file upload. Please upgrade immediately to version 14.8 which contains a fix if you?re using this plugin. (plugin has approximately 20,000 downloads)

3. The Banner Effect Header plugin has a XSS and CSRF vulnerability . This has been fixed in version 1.2.7 so upgrade if you?re using this plugin. (plugin has approximately 20,000 downloads)

Please use the links to download newest versions and upgrade immediately if you are using any of these plugins. Thanks to the Wordfence Security team for the heads-up about these vulnerabilities.