security

WP Super Cache 1.6.9 Patches Security Issue

There’s a new release of WP Super Cache (1.6.9) available that patches a security issue discovered in the debug log. The vulnerability can only be exploited if users have debugging enabled. It’s highly recommended that all users upgrade to 1.6.9 to patch the security issue. Details of the vulnerability will (more…)

Those who use the All-in-One WP Migration plugin are encouraged to update to version 7.0 as soon as possible, because 6.97 contains an admin backend cross-site scripting vulnerability. An attacker would already have to be able to either compromise the database or gain access to a user account with high enough (more…)

WordPress 5.2 Improves the Security of Automatic Updates

WordPress 5.2, released earlier this month, added the first step towards fully secure updates with offline digital signatures. Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, explains how it works and how developers can migrate away from mcrypt to libsodium. When your WordPress site installs an automatic update, from (more…)

PluginVulnerabilities.com is Protesting WordPress.org Support Forum Moderators by Publishing Zero-Day Vulnerabilities

A security service called Plugin Vulnerabilities, founded by John Grillot, is taking a vigilante approach to addressing grievances against WordPress.org support forum moderators. The company is protesting the moderators’ actions by publishing zero-day vulnerabilities (those for which no patch has been issued) and then attempting to contact the plugin author (more…)

WordPress 5.1.1 Patches Critical Vulnerability

WordPress 5.1.1 was released yesterday evening with an important security update for a critical cross-site scripting vulnerability found in 5.1 and prior versions. The release post credited Simon Scannell of RIPS Technologies for discovering and reporting the vulnerability. Scannell published a post summarizing how an unauthenticated attacker could take over (more…)

Bootstrap Patches XSS Vulnerability in Versions 4.3.1 and 3.4.1

Bootstrap has released versions 4.3.1 and 3.4.1 to patch an XSS vulnerability (CVE-2019-8331) that was reported to the Bootstrap Drupal project by a developer and then responsibly disclosed to the Bootstrap development team. The vulnerability specifically affects usage of the tooltip and popover features: Earlier this week a developer reported (more…)