Chris Wiegman of iThemes has announced the latest update to the Better WP Security plugin contains fixes for vulnerabilities discovered in 3.6.3. The updates address compatibility with InfiniteWP, the removal of their in-dashboard support form, and FooPlugins support form code.
While support for InfiniteWP was removed in 3.6.4, it’s been restored in 3.6.5 as they have since come up with a satisfactory solution eliminating the security risk. Wiegman goes into detail on each issue on the iThemes blog and assures everyone that as of version 3.6.5, the plugin contains no security vulnerabilities.
Users of Better WordPress Security are encouraged to update to the latest version to receive the security patches.
Thanks Jeff. It’s worth pointing out that both issues were with 3rd party code and the Foo issue wasn’t exploitable on the site. Tha said, we’re releasing a complete rewrite next week or so which will take it all to the next level.