vulnerability

Patches Featured Image

Those who use the All-in-One WP Migration plugin are encouraged to update to version 7.0 as soon as possible as 6.97 contains an admin backend cross-site-scripting vulnerability. An attacker would already have to be able to either compromise the database or gain access to a user account with high enough (more…)

NextGEN Gallery Featured Image

Slavco Mihajloski, security researcher at Sucuri, has discovered a critical SQL injection vulnerability in NextGEN Gallery, a popular WordPress plugin that’s active on more than a million sites. Mihajloski gives the vulnerability a 9 out of 10 on Sucuri’s DREAD scale. Dread stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Each category (more…)

Ninja Forms Featured Image

Ninja Forms, a popular plugin active on more than 500K websites, released an update 48 hours ago that addresses a critical security vulnerability. Wordfence is reporting that Ninja Forms versions 2.9.36 to 2.9.42 contain multiple security vulnerabilities. One of the vulnerabilities allows an attacker to upload and execute code remotely (more…)

Osirt, a malware security company is reporting that the WordPress theme OptimizePress contains a significant security vulnerability. According to the security bulletin published a few days ago, the problem lies within the Media-upload.php file. When a browser loads this file within the theme, the media upload screen appears. From here, (more…)