For your WordPress protection, be informed about the NEW UNPATCHED WordPress Core vulnerability. Publicly known since its first official report on June 26, 2018 or it’s official disclosure 7 months ago. All versions of WordPress starting with the latest 4.9.6 and below have the Authenticated Arbitrary File Deletion vulnerability. WordPress…
WP Security
For your WP Security, be informed about the latest vulnerabilities in WordPress themes: BBE Theme Direct Object Reference reported by Ryan (Dewhurst Security). The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor. immediately upgrade to version 1.53 to fix the vulnerability
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Form Maker by WD CSV Injection reported by Ryan (Dewhurst Security). Custom Forms version 1.12.20 is affected by the vulnerability Remote Command Execution using CSV Injection. This allows a public user to inject commands as a part…
For your WordPress protection, be informed about the latest WordPress Core vulnerability IS STILL UNPATCHED since it’s first official report January 29, 2018 or it’s official disclosure date: Monday, February 5, 2018. All versions of WordPress starting with the latest 4.9.5 and below have the Application Denial of Service (DoS)…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: WP Security Audit Log Plugin Sensitive Information Disclosure reported by Colette Chamberland (https://www.defiant.com; @cjchamberland). No protection on the wp-content/uploads/wp-security-audit-log/*; which is indexed by google and allows for attackers to possibly find user information (bad login attempts). Google…
For your WordPress protection, be informed about the latest WordPress Core vulnerabilities, fixed in WordPress 4.9.5 Security and Maintenance Release from April 3, 2018. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: NextGEN Gallery BYPASS reported by Dewhurst Security. In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. immediately upgrade to version 2.2.50 to fix the vulnerability Category Order and Taxonomy Terms Order A1: Injection…
For your WP Security, be informed about the latest vulnerabilities in WordPress themes: Enfold Theme Rewrite Portfolio Permalink Structure & Information Disclosure reported by Dan Benton https://www.dogsbodytechnology.com/. The changelog describes two security fixes: a security issue that would allow an attacker to export your enfold [theme] settings AND a security…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Splashing Images Authenticated PHP Object Injection reported by Dewhurst Security. The /admin/partials/wp-splashing-admin-main.php in the wp-splashing-images plugin before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized…