Tag: disclosure

  • WordPress 4.8.3, A Security Release Six Weeks in the Making

    WordPress 4.8.3 is available and is a security release for 4.8.2 and all previous versions. This release addresses an issue with $wpdb->prepare() that could lead to a potential SQL injection. While WordPress core is not vulnerable, hardening has been added to prevent plugins and themes from inadvertently causing a vulnerability. If you’re experiencing a bit…

  • WordPress.com Security Vulnerability Stirs Debate Over Responsible Disclosure

    Late last week, Yan Zhu, a Staff Technologist for the Electronic Frontier Foundation, publicly disclosed a security vulnerability she discovered in how WordPress.com handles cookies. More specifically, she discovered the “wordpress_logged_in” cookie being sent in the clear to a WordPress authentication endpoint. She was able to use the authenticated cookie to publish blog…