For your WP Security, be informed about the latest vulnerabilities in WordPress themes: Supreme Directory Theme Unauthenticated Cross-Site Scripting (XSS) reported by Franciny Salles and Flavio Landivar (http://www.hackingxsolutions.com/). This theme has a parameter, s, that allows execute a xss payload: ">". The software does not neutralize or incorrectly neutralizes user-controllable...
At your next scheduled WordPress Maintenance, be advised for your WordPress protection about the latest vulnerabilities in WordPress plugins identified and reported publicly this month: Gwolle Guestbook Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). During the security audit of Gwolle Guestbook plugin for WordPress CMS, a security vulnerability was...
At your next scheduled WordPress Maintenance, be advised for your WordPress protection about the latest vulnerabilities in WordPress plugins identified and reported publicly this month: Open Graph for Facebook, Google+ and Twitter Card Tags Unauthenticated Cross-Site Scripting (XSS) reported by Thomas Chauchefoin. The software does not neutralize or incorrectly neutralizes...
WordPress 4.9.8 is now available, since August 2, 2018. This is a privacy and maintenance release. This WordPress Maintenance release fixes 46 bugs, enhancements and blessed tasks, including updating the Twenty Seventeen bundled theme, 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools added...
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Church Admin Unauthenticated Directory Traversal reported by malwrforensics.com. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software...
For your WordPress protection, be informed about the latest WordPress Core vulnerability, fixed in WordPress 4.9.2 Security and Maintenance Release from January 16, 2018. WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). MediaElement has released a new version that contains a fix for the...
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security...
Version 4.9 of WordPress, named “Tipton” in honour of jazz musician and bandleader Billy Tipton, is available for download or update in your WordPress dashboard. Read about new features in WordPress 4.9. Major Customiser Improvements, Code Error Checking, and More! Welcome to an improved Customiser workflow with design drafts,...
For your WordPress protection, be informed about the latest WordPress Core vulnerability, fixed in security release WordPress 4.8.3 from October 31, 2017. This bug creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to account takeovers. If this sounds familiar,...