security

WordPress 4.7.1 Fixes Eight Security Issues

WordPress 4.7.1 is available for download and fixes eight security issues that affect WordPress 4.7 and below. The PHPMailer library was updated to patch a remote code execution (RCE) vulnerability. Wordfence reported the vulnerability last month, describing it as critical and as affecting WordPress core. However, in the announcement post for (more…)

BuddyPress 2.7.4 Patches Security Vulnerability That Could Allow Arbitrary File Deletion

The BuddyPress development team has released BuddyPress 2.7.4 to address a security vulnerability that affects all versions back to 2.0. According to John James Jacoby, lead developer of BuddyPress, “This version patches a vulnerability to the BuddyPress core attachments API that could allow arbitrary file deletion on certain installation configurations.” The (more…)

WP eCommerce 3.11.4 Patches SQL Injection Vulnerability

Over the weekend, the WP eCommerce team released version 3.11.4 of its e-commerce plugin. The update patches an SQL injection vulnerability that was responsibly disclosed by Mika Epstein, a member of the WordPress.org plugin review team. According to Justin Sainton, lead developer of WP eCommerce, the team was notified of the vulnerability on (more…)

ManageWP Launches Automated Security Scanning

When ManageWP allowed users to perform security scans of websites through the Orion interface in December of 2015, a feature commonly requested by customers was the ability to automate the scans. Nine months after implementing security checks for customers, ManageWP has added automated security scans to its assortment of features. The automated security (more…)

WordPress 4.6.1 Released, Patches Two Security Vulnerabilities

WordPress 4.6.1 is available and users are strongly encouraged to update immediately as it patches two security vulnerabilities. The first is a cross-site scripting vulnerability related to image filenames that was reported by Cengiz Han Sahin, a SumOfPwn researcher. The second is a path traversal vulnerability in the upgrade package (more…)

Jetpack 4.2 Released with Performance and Security Updates

Jetpack 4.2 is a combination release with performance improvements and fixes for a couple of security vulnerabilities. These updates secure Contact Form submission exports from potential formula injections and fix a general XSS vulnerability in the misuse of the add_query_arg() function. The majority of enhancements in this release are centered (more…)

TechCrunch Hacked by OurMine, Attackers Target Weak Passwords

TechCrunch is the latest victim in OurMine’s summer hacking rampage. The site, which is powered by WordPress and hosted via WordPress.com VIP, was hacked this morning and defaced with a message from the attackers who identify themselves as an “elite hacker group.” TechCrunch’s news ticker was updated to display: “Hello (more…)