WordPress 6.0.2 Security and Maintenance Release: WordPress.org’s Bug Bounty Program at Work
Ram Dall over at Wordfence has a good breakdown of three vulnerabilities patched in the WordPress 6.0.2 Security and Maintenance Release.
Call a Vulnerability a Vulnerability
Roger Montii reporting for SEJ looks at an Authenticated Stored XSS vulnerability in the WPBakery Page Builder plugin. The vulnerability was discovered by Wordfence and fixed through their collaboration with WPBakery in a recent update. 🍰 Vulnerabilities happen — all the time, and in major plugins. Having them discovered by…
It’s a new year, and a great time to set some New Year’s resolutions as a WordPress developer. Here are some practical tips to up your game working with the WordPress code base.
There’s a Stored XSS vulnerability affecting the bbPress plugin. This bug is present on every default install of bbPress < 2.5.9, so chances are you might be affected if you have the plugin installed anywhere. Sucuri has more info on their blog.
It was the first truly busy day in WordPress core land since the release of WordPress 4.4. Two big things happened: A maintenance and security update was released in WordPress 4.4.1, and the security component affected all versions that can be auto-updated, back to 3.7. WordPress 4.5 kicked off with the first meeting to discuss some…
Wordfence — a security plugin to boot — has an XSS vulnerability that was recently patched. VaultPress posted more about it, but if you run this plugin, you need to update.
Sucuri has a really in-depth walkthrough of the Akismet XSS vulnerability they discovered, and it’s a nasty 9/10 on their DREAD score. That basically means it’s easy to do, and can result in a very bad outcome. Fortunately, auto-updates and responsible disclosure meant this one never saw the light of day. The recap is a…
Akismet has a critical XSS bug that dates back quite some time. A researcher from Sucuri notified us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but we have no evidence that it has been exploited in the wild. We’ve released updates…
Visual Composer has had some updates to fix several XSS vulnerabilities. This plugin is on millions of websites, either by itself or baked into themes. Envato has an update on how they’re handling it, but many of you probably already got an email from them.
Many readers have likely heard by now that WordPress 4.2.1 is out (and probably already patched on your installs). The patch is in response to a zero day vulnerability reported by Jouko Pynnönen of Klikki. WordPress 4.2.1 includes a check on the number of characters in the content of comments to prevent truncation of the comment…