ManageWP Launches Automated Security Scanning

When ManageWP allowed users to perform security scans of websites through the Orion interface in December of 2015, a feature commonly requested by customers was the ability to automate the scans. Nine months after implementing security checks for customers, ManageWP has added automated security scans to its assortment of features. The automated security (more…)

WordPress 4.6.1 Released, Patches Two Security Vulnerabilities

WordPress 4.6.1 is available and users are strongly encouraged to update immediately as it patches two security vulnerabilities. The first is a cross-site scripting vulnerability related to image filenames that was reported by Cengiz Han Sahin, a SumOfPwn researcher. The second is a path traversal vulnerability in the upgrade package (more…)

Jetpack 4.2 Released with Performance and Security Updates

Jetpack 4.2 is a combination release with performance improvements and fixes for a couple of security vulnerabilities. These updates secure Contact Form submission exports from potential formula injections and fix a general XSS vulnerability in the misuse of the add_query_arg() function. The majority of enhancements in this release are centered (more…)

TechCrunch Hacked by OurMine, Attackers Target Weak Passwords

TechCrunch is the latest victim in OurMine’s summer hacking rampage. The site, which is powered by WordPress and hosted via VIP, was hacked this morning and defaced with a message from the attackers who identify themselves as an “elite hacker group.” TechCrunch’s news ticker was updated to display: “Hello (more…)

bbPress 2.5.10 Patches Security Vulnerability

John James Jacoby, lead developer of bbPress, has released bbPress 2.5.10 to patch a security vulnerability in all previous versions of the 2.X branch. This release also contains security hardening improvements where user display names and avatars are commonly displayed together. Jacoby notes that these changes affect bbPress only and don’t impact third-party (more…)

All in One SEO 2.3.7 Patches Persistent XSS Vulnerability

Semper Fi Web Design, the company behind All in One SEO, a popular WordPress SEO optimization plugin that’s active on more than 1M sites, has released 2.3.7 to patch a persistent XSS security vulnerability. According to the plugin’s changelog, 2.3.7 sanitizes the Bad Bots module referer and user agent. While it doesn’t sound (more…)

WordPress 4.5.3 Fixes 7 Security Issues

WordPress 4.5.3 was released today to fix seven important security issues that affect 4.5.2 and prior versions. Automatic background updates are already rolling out and all users are advised to update immediately. The release patches the following security issues: Redirect bypass in the customizer (reported by Yassine Aboukir) Two different (more…)

Critical Vulnerability Patched in EWWW Image Optimizer Plugin

Yesterday the security team at Wordfence disclosed a critical remote code execution vulnerability in the EWWW Image Optimizer to Shane Bishop, the plugin’s author. Bishop acted quickly to patch the plugin and an update was pushed out to users this morning. According to Wordfence, the vulnerability affects multisite WordPress (more…)