Email remains the top attack vector and the biggest challenge for WordPress Security. WP Security threats range from SPAM that clogs inboxes and wastes resources until EMAIL FRAUD that can cost organisations and people millions of euros. The modern exploitation threat landscape also includes a variety of Web-based threats like…
WP Security
Over the last year, cybercriminals increased their use of social engineering, scaling up people-centred threats and attacks that rely on human interaction and dialled down the automated exploits. Founding new ways to exploit “the human factor” — the instincts of curiosity and trust that lead well-intentioned people to click, divulge,…
When you enlist our EUROPEAN EMERGENCY WordPress Services team to run disaster audits, it’s important to determine which solutions and processes we’re using to actively identify threats. After all, disaster audits (WordPress hack removal, WordPress deface removal) are reactive efforts to detect persistent threats that have evaded existing security controls….
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Redirection Authenticated Local File Inclusion reported by Ryan (Dewhurst Security). ACE via file inclusion in Redirection allows admins to execute any PHP file in the filesystem. If you are logged in as an administrator on any site…
For your WordPress protection, be informed about the NEW UNPATCHED WordPress Core vulnerability. Publicly known since its first official report on June 26, 2018 or it’s official disclosure 7 months ago. All versions of WordPress starting with the latest 4.9.6 and below have the Authenticated Arbitrary File Deletion vulnerability. WordPress…
For your WP Security, be informed about the latest vulnerabilities in WordPress themes: BBE Theme Direct Object Reference reported by Ryan (Dewhurst Security). The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor. immediately upgrade to version 1.53 to fix the vulnerability
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Form Maker by WD CSV Injection reported by Ryan (Dewhurst Security). Custom Forms version 1.12.20 is affected by the vulnerability Remote Command Execution using CSV Injection. This allows a public user to inject commands as a part…
For your WordPress protection, be informed about the latest WordPress Core vulnerability IS STILL UNPATCHED since it’s first official report January 29, 2018 or it’s official disclosure date: Monday, February 5, 2018. All versions of WordPress starting with the latest 4.9.5 and below have the Application Denial of Service (DoS)…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: WP Security Audit Log Plugin Sensitive Information Disclosure reported by Colette Chamberland (https://www.defiant.com; @cjchamberland). No protection on the wp-content/uploads/wp-security-audit-log/*; which is indexed by google and allows for attackers to possibly find user information (bad login attempts). Google…