A MASSIVE distributed brute force attack campaign aimed only at WordPress sites started THIS MORNING at 3 AM UTC (Coordinated Universal Time; 3 AM United Kingdom, England; 4 AM Germany; 5 AM Romania). It uses a large number of attacking IPs, and each IP is generating a huge number of…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Qards Stored Cross-Site Scripting (XSS) + Server Side Request Forgery (SSRF) reported by theMiddle (https://mobile.twitter.com/Menin_TheMiddle). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web…
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s ongoing commitment to security…
For your WordPress protection, be informed about the latest WordPress Core vulnerability, fixed in security release WordPress 4.8.3 from October 31, 2017. This bug creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to account takeovers. If this sounds familiar,…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Content Timeline Multiple Blind SQL Injection reported by Jeroen (IT Nerdbox). One unauthenticated and two authenticated injections in the premium ‘Content Timeline’ WP plugin. Author contacted twice without any response. Remove this plugin to fix vulnerabilities, as…
For your WordPress protection, be informed about the latest WordPress Core vulnerabilities fixed in security release WordPress 4.8.2 from September 2017. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly…
For your WP Security, be informed about the latest vulnerabilities in WP plugins: Participants Database Cross-Site Scripting (XSS) reported by Benjamin Lim (https://limbenjamin.com). Exploit allows attackers to inject arbitrary JavaScript via the Name parameter. Immediately update to version 1.7.5.9 to fix the vulnerability. Display Widgets Backdoored reported by Jonas Lejon…
For your WordPress protection, be informed about the latest vulnerabilities in WP plugins: AddToAny Share Buttons Conditional Host Header Injection reported by Paul Dannewitz. It’s possible to inject a custom Host header that will be used for building the link, which is going to be shared on social media platforms when…
Highly obvious hacking. Because they can and because they have a message. And the message will be clearly visible on the homepage of your website. Hackers usually replace only the homepage with their own message. Restoring the homepage to your old version is not the solution. You need…