Updated by David Sharpe on Aug 16, 2016

Reasons to Keep WordPress Updated

Hackers Hijack Fancybox Plugin to Deface WordPress Sites with ISIS Propaganda

Last month a vulnerability was discovered in the Fancybox for WordPress plugin, making it possible for a hacker to inject an iframe into the website without needing administrator access. Although t...

Zero Day Vulnerability Discovered in Fancybox for WordPress Plugin

Four hours ago, users seeking support on reported malware injected into their sites from an unknown source. The vulnerability allows for an iframe to be injected, redirecting to a '20...

Pods Framework Security Release Fixes Severe Vulnerability

Last week a blind SQL injection vulnerability was discovered in Yoast's popular WordPress SEO plugin. Given the severity of the vulnerability and the fact that the plugin is installed on more than ...

Blind SQL Injection Vulnerability Discovered in WordPress SEO Plugin by Yoast: Immediate Update Recommended

A blind SQL injection vulnerability was discovered today in the popular WordPress SEO plugin by Yoast. WPScan Vulnerability Database issued an advisory after responsibly disclosing the vulnerability...

WooCommerce SQL injection vulnerability - Wordfence Blog

Yesterday Matt Barry, one of our researchers at Wordfence discovered a SQL injection vulnerability in WooCommerce version 2.3.5 and older during a code audit of the plugin repository. WooCommerce is installed on over 1 million active WordPress websites. We immediately contacted Woo about the issue and they’ve been incredibly responsive, releasing a fix this morning with their …

Zero Day SQL Injection Vulnerability in WordPress Video Gallery - Wordfence Blog

Update 2 on Feb 24th: A new version of this plugin has been released. We’ve run a penetration test on the plugin and the ‘vid’ parameter is no longer exploitable. We tested several other parameters and it appears at this point that the original security issue has been resolved. Update @9:45PM PST: About an hour before …

Compromised WordPress sites launch drive-by attacks off Pirate Bay clone

This Pirate Bay clone is actively pushing the Nuclear exploit kit with an iframe and will infect vulnerable visitors via drive-by download attacks. We've also detected several WordPress sites injected with the same iframe.

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins | Sucuri Blog

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are

Zero Day XSS Vulnerability in WordPress 4.2 Currently Being Patched

Klikki Oy is reporting a new comment XSS exploit vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an unauthenticated attacker to inject JavaScript into comments. If triggered b...

Coordinated plugin updates to address security vulnerability in many popular WordPress plugins | Post Status

A coordinated plugin update occurred this morning between many popular WordPress plugins to address a common security vulnerability that allows for XSS cross-site scripting attacks.

XSS Vulnerability Affecting Multiple WordPress Plugins | Sucuri Blog

Many popular WordPress plugins are vulnerable to Cross-site Scripting, from the misuse of the add_query_arg() and remove_query_arg() due to poor documentation.

XSS Vulnerability in Jetpack and the Twenty Fifteen Default Theme Affects Millions of WordPress Users

Jetpack and the Twenty Fifteen default theme have been updated after a DOM-based Cross-Site Scripting (XSS) vulnerability was discovered. According to Sucuri, any plugin or theme that uses Generico...