Official Plugin Changelog
A changelog is the documentation of what’s being updated, which for users of the plugin provides them an opportunity to understand what is being updated and to make decisions about whether to update their installation or not, thus transparency is important.
The WordPress Popular Posts plugin is responsibly transparent in their documentation of the update.
The plugin changelog advises:
“Fixes a security issue that allows unintended arbitrary shortcode execution (props to mikemyers and the Wordfence team!)”
Recommended Actions
All versions of the WordPress Popular Posts plugin up to and including version 7.1.0 are vulnerable. Wordfence recommends updating to the latest version of the plugin, 7.2.0.
Read the official Wordfence advisory:
WordPress Popular Posts <= 7.1.0 – Unauthenticated Arbitrary Shortcode Execution
Featured Image by Shutterstock/GrandeDuc