WooCommerce 2.3.11 Patches Object Injection Vulnerability

WooCommerce 2.3.11 patches an object injection vulnerability discovered by Sucuri. According to the security research company, the vulnerability is only present when the PayPal Identity Token option is set in WooCommerce. Researchers used a combination of WordPress and WooCommerce components with a known PHP bug and were able to download (more…)

WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability

This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released 4.2.1 within hours of being notified. WordPress’ official statement on the security issue: The WordPress (more…)