security
-
Google Patches Critical Vulnerability in Site Kit Plugin
In late April Wordfence discovered a critical vulnerability in Google’s Site Kit plugin for WordPress that would make it possible … Continue reading Google Patches Critical Vulnerability in Site Kit Plugin →
-
WordPress 5.2.4 Release Addresses Several Security Issues
The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were … Continue reading WordPress 5.2.4 Release Addresses Several Security Issues →
-
Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild
After tracking exploits of a zero day XSS vulnerability in the Rich Reviews plugin for WordPress, Wordfence is recommending that … Continue reading Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild →
-
Proposal to Auto-Update Old Versions of WordPress to 4.7 Sparks Heated Debate
WordPress contributors, developers, and community members are currently debating a proposal to would implement a new policy regarding security support … Continue reading Proposal to Auto-Update Old Versions of WordPress to 4.7 Sparks Heated Debate →
-
WordPress Security Team Discusses Backporting Security Releases to Fewer Versions
The WordPress Security Team is exploring different approaches to backporting security fixes to older versions of the software. The effort … Continue reading WordPress Security Team Discusses Backporting Security Releases to Fewer Versions →
-
WP Super Cache 1.6.9 Patches Security Issue
There’s a new release of WP Super Cache (1.6.9) available that patches a security issue discovered in the debug log. … Continue reading WP Super Cache 1.6.9 Patches Security Issue →
-
All-in-One WP Migration 7.0 Patches XSS Vulnerability
Those who use the All-in-One WP Migration plugin are encouraged to update to version 7.0 as soon as possible as … Continue reading All-in-One WP Migration 7.0 Patches XSS Vulnerability →
-
WPWeekly Episode 353 – Slack of Boundaries and A Walk to WCEU
In this episode, John James Jacoby and I discuss an article published by Vox on how Slack is not improving … Continue reading WPWeekly Episode 353 – Slack of Boundaries and A Walk to WCEU →
-
WordPress 5.2 Improves the Security of Automatic Updates
WordPress 5.2, released earlier this month, added the first step towards fully secure updates with offline digital signatures. Scott Arciszewski, … Continue reading WordPress 5.2 Improves the Security of Automatic Updates →
-
PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities
A security service called Plugin Vulnerabilities, founded by John Grillot, is taking a vigilante approach to addressing grievances against WordPress.org … Continue reading PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities →
-
Pipdig Updates P3 Plugin after Reports Expose Vendor Backdoors, Built-in Kill Switch, and Malicious DDoS Code
Over the weekend, Pipdig, a small commercial theme company, has been at the center of a scandal after multiple reports … Continue reading Pipdig Updates P3 Plugin after Reports Expose Vendor Backdoors, Built-in Kill Switch, and Malicious DDoS Code →