For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: NextGEN Gallery BYPASS reported by Dewhurst Security. In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. immediately upgrade to version 2.2.50 to fix the vulnerability Category Order and Taxonomy Terms Order A1: Injection…
wp security
For your WP Security, be informed about the latest vulnerabilities in WordPress themes: Enfold Theme Rewrite Portfolio Permalink Structure & Information Disclosure reported by Dan Benton https://www.dogsbodytechnology.com/. The changelog describes two security fixes: a security issue that would allow an attacker to export your enfold [theme] settings AND a security…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Splashing Images Authenticated PHP Object Injection reported by Dewhurst Security. The /admin/partials/wp-splashing-admin-main.php in the wp-splashing-images plugin before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized…
For your WordPress protection, be informed about the latest WordPress Core vulnerability IS STILL UNPATCHED since it’s first official report January 29, 2018 or it’s official disclosure date: Monday, February 5, 2018. All versions of WordPress starting with the latest 4.9.4 and below have the Application Denial of Service (DoS)…
On 6 February, 2018, WordPress 4.9.4 was released to the public. This maintenance release fixes a severe bug in 4.9.3, which will cause sites that support automatic background updates to fail to update automatically, and will require manual action to be updated to 4.9.4. We strongly encourage you to update…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: Church Admin Unauthenticated Directory Traversal reported by malwrforensics.com. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software…
For your WordPress protection, be informed about the latest WordPress Core vulnerability, fixed in WordPress 4.9.2 Security and Maintenance Release from January 16, 2018. WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). MediaElement has released a new version that contains a fix for the…
WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files…
For your WP Security, be informed about the latest vulnerabilities in WordPress plugins: WP Mailster Cross-Site Scripting (XSS) reported by Dewhurst Security. The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. immediately update to version 1.5.5 to fix vulnerability…