security

On this week’s episode, Marcus Couch and I talk about the news of the week, including the release of WordPress 4.2.4, which patches six security vulnerabilities. I shared my experience attending Prestige last weekend while Marcus described what it was like to watch the livestream. Marcus and I closed out (more…)

Plugin Developers Demand a Better Security Release Process After WordPress 4.2.3 Breaks Thousands of Websites

WordPress 4.2.3, a critical security release, was automatically pushed out to users yesterday to fix an XSS vulnerability. Shortly afterwards, the WordPress.org support forums were flooded with reports of websites broken by the update. Roughly eight hours later, Robert Chapin (@miqrogroove) published a post to the Make.WordPress.org/Core blog, detailing changes (more…)

WooCommerce 2.3.11 Patches Object Injection Vulnerability

WooCommerce 2.3.11 patches an object injection vulnerability discovered by Sucuri. According to the security research company, the vulnerability is only present when the PayPal Identity Token option is set in WooCommerce. Researchers used a combination of WordPress and WooCommerce components with a known PHP bug and were able to download (more…)