The Security Industry Isn't All That Interested in Security (www.pluginvulnerabilities.com)
YouTuber Falsely Claims You Can Easily Prevent WordPress Websites From Getting Hacked With Solid Security (www.pluginvulnerabilities.com)
OC Exploited Vulnerability in WordPress Plugin Vulnerability Shows Importance of Robust Firewall Protection (www.pluginvulnerabilities.com)
Over the weekend, we had an attacker try to exploit a local file inclusion (LFI) vulnerability that was recently fixed in the WordPress plugin Blog Designer Pack on our website. We are not running the
OC How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic’s Jetpack Didn’t (www.pluginvulnerabilities.com)
When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn't work when a hacker finds
Wordfence's False Claim of Vulnerability in WordPress Plugin Everest Backup Leads to Serious Real Vulnerability (www.pluginvulnerabilities.com)
News Outlet Claims WordPress Plugin Contained Vulnerability Because an Administrator Could Access the Website's Database (www.pluginvulnerabilities.com)
Is This Spam Post Creation Vulnerability in Themify Builder What a Hacker Would Be Interested In? (www.pluginvulnerabilities.com)
3 WordPress Firewall Plugins Stop Recent Widely Exploited Vulnerability in tagDiv Composer Plugin (www.pluginvulnerabilities.com)
Another Hacker Targeted WordPress Plugin Still in Plugin Directory Despite Publicly Disclosed Unfixed Exploitable Vulnerability (www.pluginvulnerabilities.com)
Wordfence Security Increases Protection in October Test of WordPress Security Plugins' Zero-Day Protection (www.pluginvulnerabilities.com)
Hacker Targeted WordPress Plugin Still in Plugin Directory Despite Publicly Disclosed Unfixed SQL Injection Vulnerability (www.pluginvulnerabilities.com)
WPMU DEV and Their Partner Patchstack Didn't Handle Security Vulnerability in 400,000+ Install Plugin Well (www.pluginvulnerabilities.com)
OC Security Provider CloudFlare Providing Service for Phishing Campaign Targeting WordPress Websites (www.pluginvulnerabilities.com)
A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name e
OC Plugin That is Part of Patchstack’s Vulnerability Disclosure Program (VDP) Is Still Adding Vulnerable Code (www.pluginvulnerabilities.com)
In September, we wrote about how the WordPress plugin POST SMTP, which has 300,000+ installs, still contained SQL injection issues months after a public claim of a vulnerability involving that (and st
OC Wordfence Premium Added “Real-Time Firewall Protection” for Plugin Vulnerability Over Two Months After It Was Disclosed (www.pluginvulnerabilities.com)
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary Word
OC Siteground’s Security Plugin’s Advanced XSS Protection Isn’t Protection, Advanced or Otherwise (www.pluginvulnerabilities.com)
SiteGround recently rebranded their SiteGround Security plugin for WordPress to Security Optimizer. That plugin has 1+ million installs according to WordPress.org stats. Like a lot of security plugins
OC 300,000+ Install Widgets for Google Reviews WordPress Plugin Doesn’t Contain a High Risk Arbitrary File Upload Vulnerability (www.pluginvulnerabilities.com)
One of the ways we keep track of possible vulnerabilities in WordPress plugins is to monitor the WordPress Support Forum for discussions related to those. Today, there was a concerning claim of a high
OC What Impact Does Two-Factor Authentication (2FA) Have On Hackings Through WordPress Plugin Vulnerabilities? (www.pluginvulnerabilities.com)
On the WordPress Support Forum, someone asked not that long ago whether two-factor authentication (2FA) would prevent websites from being hacked through security flaws in WordPress plugins. It's a good question
OC WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That (www.pluginvulnerabilities.com)
OC Changes WordPress Plugin Developers and Patchstack Can Take to Better Handle Vulnerabilities (www.pluginvulnerabilities.com)
Part of how we keep track of vulnerabilities in WordPress plugins is by monitoring the WordPress support forum for relevant topics. What we are seeing a lot these days are developers who are trying to
OC Developer of WP Fastest Cache Obliquely Discloses SQL Injection Vulnerability, Fix Isn’t Generally Available (www.pluginvulnerabilities.com)
Yesterday, the developer of the 1+ million install WordPress plugin WP Fastest Cache committed a change to the plugin in the Subversion repository underlying the WordPress Plugin Directory that fixed
OC Latest WordPress Plugin to Include Firewall Provides Almost No Protection Against Zero-Days (www.pluginvulnerabilities.com)
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the defa