security

PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities

A security service called Plugin Vulnerabilities, founded by John Grillot, is taking a vigilante approach to addressing grievances against WordPress.org support forum moderators. The company is protesting the moderators’ actions by publishing zero-day vulnerabilities (those for which no patch has been issued) and then attempting to contact the plugin author (more…)

WordPress 5.1.1 Patches Critical Vulnerability

WordPress 5.1.1 was released yesterday evening with an important security update for a critical cross-site scripting vulnerability found in 5.1 and prior versions. The release post credited Simon Scannell of RIPS Technologies for discovering and reporting the vulnerability. Scannell published a post summarizing how an unauthenticated attacker could take over (more…)

Bootstrap Patches XSS Vulnerability in Versions 4.3.1 and 3.4.1

Bootstrap has released versions 4.3.1 and 3.4.1 to patch an XSS vulnerability (CVE-2019-8331) that was reported to the Bootstrap Drupal project by a developer and then responsibly disclosed to the Bootstrap development team. The vulnerability specifically affects usage of the tooltip and popover features: Earlier this week a developer reported (more…)

WPML Website Hacked, Customer Emails Compromised

On Saturday, January 19, WPML customers started reporting having received an email from someone who seems to have hacked the plugin’s website and gained access to customer information. Got same mail and there is this text on #wpml website visible now. What happened guys? #security #hack #vulnerability #0day or something? (more…)

WordPress Weekly Featured Image

In this episode, John James Jacoby and I are joined by Jack Lenox, Software Engineer at Automattic, to discuss his new project, SustyWP. Lenox explains how he built the site so that it only has 7KB of data transfer, what sustainability on the web means to him, and the relationship (more…)