in Security
Severe Vulnerabilities Fixed in All In One SEO Plugin Version 4.1.5.3 (jetpack.com)
During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug.
Security
Latest posts
in SecurityGravatar "Breach" Exposes Data of 100+ Million Users (www.searchenginejournal.com)
A security site emailed notices of a data breach affecting over 100 million users of Gravatar. Gravatar denies it was hacked
in SecurityGoDaddy Data Breach Exposes 1.2 Million Active and Inactive Managed WordPress Hosting Accounts (wptavern.com)
In a disclosure to the U.S. Securities and Exchange Commission (SEC) that was published today, GoDaddy announced a data security breach impacting its WordPress managed hosting customers. The compan…
Patchstack Releases Free Security Plugin, Its Red Team Found 1,182 Vulnerabilities Since March (wptavern.com)
In September, Patchstack released its six-month report on the vulnerabilities found with WordPress and its extensions. At the time, it listed over 1,000 issues — the company has shared the[…]
in Security1,000,000 Sites Affected by OptinMonster Vulnerabilities (www.wordfence.com)
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence Threat Intelligence[…]
in SecurityXSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites (www.wordfence.com)
Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 19, 2021, the Wordfence Threat Intelligence[…]
in SecuritySecurity Issues Patched in Smash Balloon Social Post Feed Plugin (jetpack.com)
We uncovered security issues in Smash Balloon Social Post Feed Plugin (also known as Custom Facebook Feed) that could grant attackers access to your privileged information. Read this blog post[…]
in SecurityMultiple vulnerabilities in WP Fastest Cache plugin (jetpack.com)
We uncovered multiple vulnerabilities in WP Fastest Cache plugin that could grant attackers access to your privileged information. We strongly recommend that you update to the latest version of the[…]
How To Add Two-Factor Authentication In WordPress (wp-content.co)
In this article, we are going to show you how to add two-factor authentication to WordPress using a two-factor Authentication plugin.
Using the WPScan plugin to find vulnerabilities in your WordPress website (www.wpwhitesecurity.com)
Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that[…]
in Security, WooCommerceWooCommerce 5.7.0 Patches Security Issue that Could Potentially Leak Analytics Reports (wptavern.com)
WooCommerce shipped version 5.7.0 through a forced update for some users earlier this week. The minor release was not billed as a security update but the following day WooCommerce published[…]
in SecurityCSRF Vulnerability Found in Software License Manager Plugin (jetpack.com)
The Jetpack Scan team discovered a Cross-Site Request Forgery vulnerability in Software License Manager Plugin for WordPress. We recommend that anyone running version 4.5.0 or earlier of the plugin to[…]
in SecurityOver 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities (www.wordfence.com)
On August 3, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for two vulnerabilities we discovered in the Gutenberg Template Library & Redux Framework plugin, which is installed[…]
in SecurityMalware using the REST API for Remote Code Execution (jetpack.com)
This week, Jetpack Scan flagged the license file of a premium extension. It turned out to be injected malware using the REST API for remote code execution.