security
-
WebARX Rebrands To Patchstack, Combines Services To Focus on WordPress Plugin and Theme Security
In 2018, WebARX launched the first version of its security platform and grew to 3,000 users. Earlier this month, the … Continue reading WebARX Rebrands To Patchstack, Combines Services To Focus on WordPress Plugin and Theme Security →
-
Elementor Patches XSS Vulnerabilities Affecting 7 Million WordPress Sites
Elementor users who haven’t updated recently will want to get on the latest version 3.1.4 as soon as possible. Researchers … Continue reading Elementor Patches XSS Vulnerabilities Affecting 7 Million WordPress Sites →
-
Attackers Continue to Exploit Vulnerabilities in The Plus Addons for Elementor Plugin
Last week, security researchers at Seravo and WP Charged reported a critical zero-day vulnerability in The Plus Addons for Elementor … Continue reading Attackers Continue to Exploit Vulnerabilities in The Plus Addons for Elementor Plugin →
-
WPScan Can Now Assign CVE Numbers for WordPress Core, Plugin, and Theme Vulnerabilities
WPScan, a security company that maintains a database of WordPress vulnerabilities, has been officially designated as a CVE (Common Vulnerability … Continue reading WPScan Can Now Assign CVE Numbers for WordPress Core, Plugin, and Theme Vulnerabilities →
-
Contact Form 7 Version 5.3.2 Patches Critical Vulnerability, Immediate Update Recommended
Contact Form 7 has patched a critical file upload vulnerability in version 5.3.2, released today by plugin author Takayuki Miyoshi. … Continue reading Contact Form 7 Version 5.3.2 Patches Critical Vulnerability, Immediate Update Recommended →
-
Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability
Easy WP SMTP has patched a vulnerability that allows attackers to capture the password reset link from the plugin’s debug … Continue reading Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability →
-
WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout
WooCommerce 4.6.2 was released yesterday with a fix for a vulnerability that allowed account creation at checkout, even when the … Continue reading WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout →
-
Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users
WordPress.org has pushed out a forced security update for the Loginizer plugin, which is active on more than 1 million … Continue reading Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users →
-
All in One SEO Pack Plugin Patches XSS Vulnerability
All in One SEO Pack patched an XSS vulnerability this week that was discovered by the security researchers at Wordfence … Continue reading All in One SEO Pack Plugin Patches XSS Vulnerability →
-
Google Patches Critical Vulnerability in Site Kit Plugin
In late April Wordfence discovered a critical vulnerability in Google’s Site Kit plugin for WordPress that would make it possible … Continue reading Google Patches Critical Vulnerability in Site Kit Plugin →
-
WordPress 5.2.4 Release Addresses Several Security Issues
The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were … Continue reading WordPress 5.2.4 Release Addresses Several Security Issues →
-
Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild
After tracking exploits of a zero day XSS vulnerability in the Rich Reviews plugin for WordPress, Wordfence is recommending that … Continue reading Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild →