Please Update If You Use PublishPress Capabilities

If you use the PublishPress Capabilities plugin, please update to the latest version which is currently 2.3.1.

A week ago, the WPScan team notified us about a security issue in earlier versions of PublishPress Capabilities. That issue is fixed in 2.3.1, so please update your sites.

The plugin team have been very helpful. They are rolling out auto-updates for this security fix, so everyone who uses the version of PublishPress Capabilities from should be covered ASAP. If you use PublishPress Capabilities Pro, please update your site manually.

The most common sign of this issue is new users being created. This Wordfence post has details on how the issue is being exploited.

We apologize for this issue. You trust us with your sites. We need to do better and review our policies to avoid this happening in future releases.

If you have any questions about this issue, you're welcome to send an email to [email protected].

If you ever discover a vulnerability in a PublishPress plugin, we always appreciate hearing from you. Please follow these steps to contact us.


  • Steve Burge

    Steve is the founder of PublishPress. He's been working with open source software for over 20 years. Originally from the UK, he now lives in Sarasota in the USA. This profile is generated by the PublishPress Authors plugin.

    View all posts

Leave a Reply

Your email address will not be published. Required fields are marked *