A researcher out of Germany, Laokoon Security, recently reported a couple of security related issues they uncovered during an audit for one of their clients.
These issues have been resolved in Simple:Press V 6.8.1.
If you’re running any version earlier than this you should upgrade ASAP.
If for some reason you’re still running Version 5.x or 4.x and do not want to upgrade, you should disable Simple:Press.
Only the most recent release of Simple:Press will have the latest security updates and patches.
Additionally, you should update your premium plugins. If you do not have a premium license then you should either purchase a new one or deactivate the older versions you are using.
About Security Updates
Updates that include security fixes are a fact of life for all software. Whether it’s Microsoft, Google or independent software developers such as ourselves, they are part of the software development cycle.
WordPress itself releases multiple security updates every year. The most recent releases (6.0.2 and 6.03) were primarily security related fixes.
Every single month Microsoft ships updates that include security releases.
So, while it may sound ‘bad’ that we have to issue a security related release, you need to worry more about your mission critical plugins that are NOT issuing releases with security fixes.
No development shop is perfect so if your mission-critical plugins aren’t issuing updates with security fixes then they’re either hiding them or not searching for them. (We’re talking about larger plugins, not smaller plugins with limited features.)
As you might expect, we remain committed to stomping out security related issues as they are discovered or reported as well as continuing to improve our ‘security first’ development philosophy.