security

The WordPress core team has released WordPress 4.5.2, which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library (more…)

Ninja Forms, a popular plugin active on more than 500K websites, released an update 48 hours ago that addresses a critical security vulnerability. Wordfence is reporting that Ninja Forms versions 2.9.36 to 2.9.42 contain multiple security vulnerabilities. One of the vulnerabilities allows an attacker to upload and execute code remotely (more…)

bbPress 2.5.9 Patches Cross-Site-Scripting Vulnerability

John James Jacoby, lead developer of bbPress, has released bbPress 2.5.9 to patch a security vulnerability. “bbPress 2.5.8 and below are susceptible to a cross-site-scripting vulnerability that’s due to the way users are linked to their profiles when they are mentioned in topics and replies,” Jacoby said. Marc-Alexandre Montpas is (more…)

Templatic Hacked, Files and Databases Compromised

Templatic, a WordPress commercial theme company, reported on Saturday, April 30th, that its site was hacked. Files and databases containing customer usernames and passwords were compromised. According to R. Bhavesh, founder of Templatic, the data is being held for ransom money. The hacker is now threatening us via email and (more…)

In this episode of WordPress Weekly, Marcus Couch and I discuss the news of the week, including a big move for VersionPress as it transitions into an open source project. We provide an update on the development status of bbPress and BuddyPress. We also share details of a critical security (more…)