security
-
WPScan Can Now Assign CVE Numbers for WordPress Core, Plugin, and Theme Vulnerabilities
WPScan, a security company that maintains a database of WordPress vulnerabilities, has been officially designated as a CVE (Common Vulnerability … Continue reading WPScan Can Now Assign CVE Numbers for WordPress Core, Plugin, and Theme Vulnerabilities →
-
Contact Form 7 Version 5.3.2 Patches Critical Vulnerability, Immediate Update Recommended
Contact Form 7 has patched a critical file upload vulnerability in version 5.3.2, released today by plugin author Takayuki Miyoshi. … Continue reading Contact Form 7 Version 5.3.2 Patches Critical Vulnerability, Immediate Update Recommended →
-
Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability
Easy WP SMTP has patched a vulnerability that allows attackers to capture the password reset link from the plugin’s debug … Continue reading Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability →
-
WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout
WooCommerce 4.6.2 was released yesterday with a fix for a vulnerability that allowed account creation at checkout, even when the … Continue reading WooCommerce Patches Vulnerability that Allowed Spam Bots to Create Accounts at Checkout →
-
Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users
WordPress.org has pushed out a forced security update for the Loginizer plugin, which is active on more than 1 million … Continue reading Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users →
-
All in One SEO Pack Plugin Patches XSS Vulnerability
All in One SEO Pack patched an XSS vulnerability this week that was discovered by the security researchers at Wordfence … Continue reading All in One SEO Pack Plugin Patches XSS Vulnerability →
-
Google Patches Critical Vulnerability in Site Kit Plugin
In late April Wordfence discovered a critical vulnerability in Google’s Site Kit plugin for WordPress that would make it possible … Continue reading Google Patches Critical Vulnerability in Site Kit Plugin →
-
WordPress 5.2.4 Release Addresses Several Security Issues
The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were … Continue reading WordPress 5.2.4 Release Addresses Several Security Issues →
-
Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild
After tracking exploits of a zero day XSS vulnerability in the Rich Reviews plugin for WordPress, Wordfence is recommending that … Continue reading Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild →
-
Proposal to Auto-Update Old Versions of WordPress to 4.7 Sparks Heated Debate
WordPress contributors, developers, and community members are currently debating a proposal to would implement a new policy regarding security support … Continue reading Proposal to Auto-Update Old Versions of WordPress to 4.7 Sparks Heated Debate →
-
WordPress Security Team Discusses Backporting Security Releases to Fewer Versions
The WordPress Security Team is exploring different approaches to backporting security fixes to older versions of the software. The effort … Continue reading WordPress Security Team Discusses Backporting Security Releases to Fewer Versions →