XSS

Business Roundup Week Ending March 10

Mike Demopoulos

March 10, 2023

Google Optimize Sunsetting Google recently announced it would shut down its Optimize and Optimize 360 services. These tools were designed to help website owners optimize their content and user experience through A/B testing and personalization features. The decision to shut…

Business Roundup Week Ending March 3

Mike Demopoulos

March 3, 2023

BusinessThe Week in Review

Business Roundup Week Ending March 3

WordPress 6.0.2 Security and Maintenance Release: WordPress.org’s Bug Bounty Program at Work

Dan Knauss

August 31, 2022

NotesPlanet

Ram Dall over at Wordfence has a good breakdown of three vulnerabilities patched in the WordPress 6.0.2 Security and Maintenance Release.

Call a Vulnerability a Vulnerability Roger…

Dan Knauss

October 9, 2020

Security

Call a Vulnerability a Vulnerability Roger Montii reporting for SEJ looks at an Authenticated Stored XSS vulnerability in the WPBakery Page Builder plugin. The vulnerability was discovered by Wordfence and fixed through their collaboration with WPBakery in a recent update.…

New Year’s resolutions for WordPress developers

Jack Lenox

January 12, 2017

DevelopmentPlanet

It's a new year, and a great time to set some New Year's resolutions as a WordPress developer. Here are some practical tips to up your game working with the WordPress code base.

There’s a Stored XSS vulnerability affecting…

Brian Krogsgard

May 7, 2016

There's a Stored XSS vulnerability affecting the bbPress plugin. This bug is present on every default install of bbPress < 2.5.9, so chances are you might be effect if you have the plugin installed anywhere. Sucuri has more info on…

WordPress security release, and 4.5 development kicks off

Brian Krogsgard

January 6, 2016

DesignSecurity

It was the first truly busy day in WordPress core land since the release of WordPress 4.4. Two big things happened: A maintenance and security update was released in WordPress 4.4.1, and the security component affected all versions back that can…

WordFence — a security plugin to…

December 10, 2015

Security

WordFence -- a security plugin to boot -- has an XSS vulnerability that was recently patched. VaultPress posted more about it, but if you run this plugin, you need to update.

Sucuri has a really in-depth walkthrough…

October 14, 2015

Sucuri has a really in-depth walkthrough of the Akismet XSS vulnerability they discovered, and it's a nasty 9/10 on their DREAD score. That basically means it's easy to do, and can result in a very bad outcome. Fortunately, auto-updates and…

Akismet getting auto-updated for critical XSS bug

Brian Krogsgard

October 13, 2015

Akismet has a critical XSS bug that dates back quite some time. A researcher from Sucuri notified us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but…

Visual Composer has had some updates…

October 13, 2015

Visual Composer has had some updates to fix several XSS vulnerabilities. This plugin is on millions of websites, either by itself or baked into themes. Envato has an update on how they're handling it, but many of you probably already…

WordPress zero day vulnerability on comment text patched in 4.2.1

Brian Krogsgard

April 28, 2015

HostingSecurity

Many readers have likely heard by now that WordPress 4.2.1 is out (and probably already patched on your installs). The patch is in response to a zero day vulnerability reported by Jouko Pynnönen of Klikki. WordPress 4.2.1 includes a check on…