I received an interesting email the other day from Wordfence, the security plugin that I use on my websites. They were notifying their users of a couple of security issues with the newest version of WordPress (Version 3.8 or Parker).
Wordfence got to work and released an updated version of the plugin that is fully compatible with WP 3.8 and includes several fixes and improvements.
A new feature in Wordfence is the ability to verify the core files of WordPress 3.8; it will also verify the integrity of your core files for all previous versions of WordPress. (They are running beta testing on a new bug zapper program which is shown in the picture below.)
According to the Wordfence gurus, they have seen exploits for two WordPress items, which are:
WordPress Download Manager: The current version is 2.5 and contains a cross-site scripting vulnerability that does not appear to have been fixed yet. The XSS security hole exists in the form used to create a new download package, where the title input field is not sanitized.
The Page Flip Image Gallery: This plugin contains a remote file upload vulnerability which was published on December 7th and appears to exist in the current version of this popular plugin. So you may want to contact the author for further information.
Be sure to check for upgrades for these plugins, and if you are unsure whether the fixes have been made, you should contact the plugin author directly. If you would like to read up on security issues and fixes, please go to Wordfence.com for more information.
Wordfence does not have an affiliate program, so I do not receive any commissions for writing about this great plugin. I just like Wordfence! They have a nice product that works well, plus they offer both a free and paid version of their plugin. Oh, by the way, Wordfence just passed 1 million downloads on December 23, 2013. AWESOME!