security

bbPress 2.5.10 Patches Security Vulnerability

John James Jacoby, lead developer of bbPress, has released bbPress 2.5.10 to patch a security vulnerability in all previous versions of the 2.X branch. This release also contains security hardening improvements where user display names and avatars are commonly displayed together. Jacoby notes that these changes affect bbPress only and don’t impact third-party (more…)

All in One SEO 2.3.7 Patches Persistent XSS Vulnerability

Semper Fi Web Design, the company behind All in One SEO, a popular WordPress SEO optimization plugin that’s active on more than 1M sites, has released 2.3.7 to patch a persistent XSS security vulnerability. According to the plugin’s changelog, 2.3.7 sanitizes the Bad Bots module referer and user agent. While it doesn’t sound (more…)

WordPress 4.5.3 Fixes 7 Security Issues

WordPress 4.5.3 was released today to fix seven important security issues that affect 4.5.2 and prior versions. Automatic background updates are already rolling out and all users are advised to update immediately. The release patches the following security issues: Redirect bypass in the customizer (reported by Yassine Aboukir) Two different (more…)

Critical Vulnerability Patched in EWWW Image Optimizer Plugin

Yesterday the security team at Wordfence disclosed a critical remote code execution vulnerability in the EWWW Image Optimizer to Shane Bishiop, the plugin’s author. Bishop acted quickly to patch the plugin and an update was pushed out to WordPress.org users this morning. According to Wordfence, the vulnerability affects multisite WordPress (more…)

Jetpack 4.0.3 Patches a Critical XSS Vulnerability

Jetpack 4.0.3 is a security release that contains an important fix for a critical vulnerability that has been present in the plugin since version 2.0, released in 2012. According to Jetpack team member Sam Hotchkiss, a stored XSS vulnerability was found in the way that some Jetpack shortcodes are processed, (more…)

Patches Featured Image

The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library (more…)

Ninja Forms Featured Image

Ninja Forms, a popular plugin active on more than 500K websites, released an update 48 hours ago that addresses a critical security vulnerability. Wordfence is reporting that Ninja Forms versions 2.9.36 to 2.9.42 contain multiple security vulnerabilities. One of the vulnerabilities allows an attacker to upload and execute code remotely (more…)