@davidbisset Lots of current plugins are also insecure, so switching plugins isn't necessarily going to make things more secure. The best approach is to use a plugin that has gotten its security reviewed and any issues addressed, but how many clients are open to spending on proactive security?
OC Security Provider CloudFlare Providing Service for Phishing Campaign Targeting WordPress Websites (www.pluginvulnerabilities.com)
A recent phishing campaign is targeting administrators of WordPress websites, trying to get them to install malicious code on websites. The phishing campaign was reported to be using the domain name e
OC Plugin That is Part of Patchstack’s Vulnerability Disclosure Program (VDP) Is Still Adding Vulnerable Code (www.pluginvulnerabilities.com)
In September, we wrote about how the WordPress plugin POST SMTP, which has 300,000+ installs, still contained SQL injection issues months after a public claim of a vulnerability involving that (and st
OC Wordfence Premium Added “Real-Time Firewall Protection” for Plugin Vulnerability Over Two Months After It Was Disclosed (www.pluginvulnerabilities.com)
In the middle of August, we publicly warned that the WordPress plugin WooODT Lite contained an authenticated option update vulnerability, which would allow logged-in attackers to change arbitrary Word
OC Siteground’s Security Plugin’s Advanced XSS Protection Isn’t Protection, Advanced or Otherwise (www.pluginvulnerabilities.com)
SiteGround recently rebranded their SiteGround Security plugin for WordPress to Security Optimizer. That plugin has 1+ million installs according to WordPress.org stats. Like a lot of security plugins
OC 300,000+ Install Widgets for Google Reviews WordPress Plugin Doesn’t Contain a High Risk Arbitrary File Upload Vulnerability (www.pluginvulnerabilities.com)
One of the ways we keep track of possible vulnerabilities in WordPress plugins is to monitor the WordPress Support Forum for discussions related to those. Today, there was a concerning claim of a high
OC What Impact Does Two-Factor Authentication (2FA) Have On Hackings Through WordPress Plugin Vulnerabilities? (www.pluginvulnerabilities.com)
On the WordPress Support Forum, someone asked not that long ago if two-factor authentication (2FA) would prevent websites being hacked through security flaws in WordPress plugins. It's a good question
OC WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That (www.pluginvulnerabilities.com)
OC Changes WordPress Plugin Developers and Patchstack Can Take to Better Handle Vulnerabilities (www.pluginvulnerabilities.com)
Part of how we keep track of vulnerabilities in WordPress plugins is by monitoring the WordPress support forum for relevant topics. What we are seeing a lot these days are developers who are trying to
OC Exploited Vulnerability in WordPress Plugin Vulnerability Shows Importance of Robust Firewall Protection (www.pluginvulnerabilities.com)
Over the weekend, we had an attacker try to exploit a local file inclusion (LFI) vulnerability that was recently fixed in the WordPress plugin Blog Designer Pack on our website. We are not running the
OC Developer of WP Fastest Cache Obliquely Discloses SQL Injection Vulnerability, Fix Isn’t Generally Available (www.pluginvulnerabilities.com)
Yesterday, the developer of the 1+ million install WordPress plugin WP Fastest Cache committed a change to the plugin in the Subversion repository underlying the WordPress Plugin Directory that fixed
OC How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic’s Jetpack Didn’t (www.pluginvulnerabilities.com)
When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn't work when a hacker finds
OC Latest WordPress Plugin to Include Firewall Provides Almost No Protection Against Zero-Days (www.pluginvulnerabilities.com)
One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the defa