Tag: xss vulnerability

  • Learn How to Find and Exploit XSS Vulnerabilities with Google’s XSS Game

    In 2016, Acunetix, a UK-based security firm, found that 33% of websites and web apps are vulnerable to XSS. This number is down 5% from the company’s findings for the previous year, but it’s still one of the most common vulnerabilities. In fact, every WordPress security release for the past year has included patches for…

  • Akismet 3.1.5 Fixes Critical XSS Security Vulnerability

    If you use Akismet to battle comment spam, make sure it’s running version 3.1.5 as it patches a critical security vulnerability. Due to the nature of the bug, the Akismet team pushed out auto updates to sites that can accept them. According to Sucuri, sites using Akismet 3.1.4 and lower and that have the Convert…

  • WP REST API 1.2.3 Patches XSS Vulnerability

    WP REST API version 1.2.3 and 2.0 Beta 4 address a security issue that affects sites running 1.2 or 2.0 beta. This release fixes a potential XSS vulnerability related to JSONP support in 1.2 and 2.0 of the API. Automatic updates are in progress for 1.2.3 but if your site hasn’t automatically updated, the team…

  • WordPress 4.2.3 is a Critical Security Release, Fixes an XSS Vulnerability

    WordPress users in the Americas woke this morning to find update notices in their inboxes due to a critical security vulnerability. WordPress 4.2.3 was released today and automatically pushed out to sites that have auto-updates enabled. Because this is a security release for all previous versions of WordPress, those who do not have automatic update…

  • WooThemes Fixes XSS Vulnerability in Products Using the prettyPhoto Library

    Jeff Ikus of WooThemes announced on the company’s themes development blog that it has pushed out updates to all of its products that use the prettyPhoto library. The update fixes a DOM-based cross-site scripting vulnerability discovered in 2014. prettyPhoto is a jQuery lightbox clone used in a potentially large number of WordPress products. If…