security

Digital Signature Featured Image

Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, who is most widely known for his cryptography engineering work, published a post on Medium criticizing Matt Mullenweg, co-creator of the WordPress open-source software project, for not caring enough about security. Arciszewski has since retracted the post but you can read (more…)

WordPress REST API Vulnerability Exploits Continue

It has been nearly two weeks since the WordPress security team disclosed an unauthenticated privilege escalation vulnerability in a REST API endpoint in 4.7 and 4.7.1. The vulnerability was patched silently and disclosure was delayed for a week to give WordPress site owners a head start on updating to 4.7.2. (more…)

WordPress Weekly Featured Image

On this episode, Marcus Couch and I are joined by Morten Rand-Hendriksen to discuss his WordPress Telemetry proposal. We discuss the potential benefits of having an opt-in usage data collection system that could help core developers and others make informed decisions. Rand-Hendriksen also shares what he’s learned from teaching WordPress (more…)

WP Super Cache 1.4.9 Patches Multiple XSS Vulnerabilities

WP Super Cache is a nearly 10-year-old plugin that is maintained by Donncha Ó Caoimh and is actively installed on more than a million sites. Releases have been far and few between, but Ó Caoimh has released WP Super Cache 1.4.9 that patches cross-site-scripting vulnerabilities on the settings page. “Those pages (more…)

WordPress 4.7.1 Fixes Eight Security Issues

WordPress 4.7.1 is available for download and fixes eight security issues that affect WordPress 4.7 and below. The PHPMailer library was updated to patch a remote code execution (RCE) vulnerability. WordFence reported the vulnerability last month as critical and that it affects WordPress core. However, in the announcement post for (more…)