Jetpack 3.7.2 Patches Two Security Vulnerabilities

Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form due to improper input sanitization that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability. The second is an information disclosure (more…)


If you use WP Super Cache, you should immediately update to version 1.4.5 as it patches an XSS vulnerability in the settings page. This version also prevents PHP object injections. In addition to security patches, 1.4.5 contains a number of bug fixes. Make sure to update your sites as soon (more…)

WPML Confirms It Did Not Have a Security Breach

When WPML emailed new passwords to customers in plaintext, some customers thought it was due to a security breach. Amit Kvint, compatibility team leader for WPML, confirmed the emails are not a result of a security breach. In a post on the official WPML blog, Kvint says the emails were (more…)


On this week’s episode, Marcus Couch and I talk about the news of the week, including the release of WordPress 4.2.4 which patches six security vulnerabilities. I shared my experience attending Prestige last weekend while Marcus describes what it was like to watch the livestream. Marcus and I closed out (more…)

Plugin Developers Demand a Better Security Release Process After WordPress 4.2.3 Breaks Thousands of Websites

WordPress 4.2.3, a critical security release, was automatically pushed out to users yesterday to fix an XSS vulnerability. Shortly afterwards, the support forums were flooded with reports of websites broken by the update. Roughly eight hours later Robert Chapin (@miqrogroove) published a post to the blog, detailing changes (more…)