security

Safety First auto Updates

WordPress 4.4.1 is available for download and includes 52 fixes, one of which patches a cross site scripting vulnerability reported by Crtc4L. This release address two severe bugs and updates the polyfill used for emoji to support Unicode 8. Support for Unicode 8 adds new diversity emoji to WordPress. Other (more…)

WP Engine Security Breach: Customer Credentials Exposed

WP Engine customers received an urgent notification in their inboxes Wednesday evening regarding a security breach. At WP Engine we are committed to providing robust security. We are writing today to let you know that we learned of an exposure involving some of our customers’ credentials. Out of an abundance (more…)

BuddyPress Featured Image

BuddyPress 2.3.5 is available and patches a security vulnerability that may allow privilege escalation for logged-in users. BuddyPress 2.3.4 and previous versions are affected however, versions 2.0.4, 2.1.2, and 2.2.4 include the patch. According to the BuddyPress development team, there is no evidence that the bug has been exploited in (more…)

Jetpack 3.7.2 Patches Two Security Vulnerabilities

Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form due to improper input sanitation that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability. The second is an information disclosure (more…)