security
-
Wordfence Now Authorized as a CVE Numbering Authority
Wordfence has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA (CVE Numbering Authority), which allows … Continue reading Wordfence Now Authorized as a CVE Numbering Authority →
-
Jetpack 9.8 Introduces WordPress Stories Block Alongside Forced Security Update
Jetpack 9.8 was released this week, introducing WordPress Stories as the headline feature. The Story block, which allows users to create … Continue reading Jetpack 9.8 Introduces WordPress Stories Block Alongside Forced Security Update →
-
Patchstack Whitepaper: 582 WordPress Security Issues Found in 2020, Over 96% From Third-Party Extensions
Patchstack, which recently rebranded from WebARX, released its 2020 security whitepaper. The report identified a total of 582 security vulnerabilities. … Continue reading Patchstack Whitepaper: 582 WordPress Security Issues Found in 2020, Over 96% From Third-Party Extensions →
-
Zerodium Temporarily Triples Payout to $300K for WordPress Exploits
Zerodium, one of the most well-known security vulnerability brokers, announced that it is tripling payouts for remote code execution exploits … Continue reading Zerodium Temporarily Triples Payout to $300K for WordPress Exploits →
-
WebARX Rebrands To Patchstack, Combines Services To Focus on WordPress Plugin and Theme Security
In 2018, WebARX launched the first version of its security platform and grew to 3,000 users. Earlier this month, the … Continue reading WebARX Rebrands To Patchstack, Combines Services To Focus on WordPress Plugin and Theme Security →
-
Elementor Patches XSS Vulnerabilities Affecting 7 Million WordPress Sites
Elementor users who haven’t updated recently will want to get on the latest version 3.1.4 as soon as possible. Researchers … Continue reading Elementor Patches XSS Vulnerabilities Affecting 7 Million WordPress Sites →
-
Attackers Continue to Exploit Vulnerabilities in The Plus Addons for Elementor Plugin
Last week, security researchers at Seravo and WP Charged reported a critical zero-day vulnerability in The Plus Addons for Elementor … Continue reading Attackers Continue to Exploit Vulnerabilities in The Plus Addons for Elementor Plugin →
-
WPScan Can Now Assign CVE Numbers for WordPress Core, Plugin, and Theme Vulnerabilities
WPScan, a security company that maintains a database of WordPress vulnerabilities, has been officially designated as a CVE (Common Vulnerability … Continue reading WPScan Can Now Assign CVE Numbers for WordPress Core, Plugin, and Theme Vulnerabilities →
-
Contact Form 7 Version 5.3.2 Patches Critical Vulnerability, Immediate Update Recommended
Contact Form 7 has patched a critical file upload vulnerability in version 5.3.2, released today by plugin author Takayuki Miyoshi. … Continue reading Contact Form 7 Version 5.3.2 Patches Critical Vulnerability, Immediate Update Recommended →
-
Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability
Easy WP SMTP has patched a vulnerability that allows attackers to capture the password reset link from the plugin’s debug … Continue reading Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability →
-
WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout
WooCommerce 4.6.2 was released yesterday with a fix for a vulnerability that allowed account creation at checkout, even when the … Continue reading WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout →
-
Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users
WordPress.org has pushed out a forced security update for the Loginizer plugin, which is active on more than 1 million … Continue reading Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users →