Marieke van de Rakt Marieke van de Rakt is the founder of Yoast Academy and CEO of Yoast. Her favorite SEO topics are SEO copywriting and site structure. The Yoast SEO plugin helps you to easily optimize the text of your posts and pages. People use it to try and get...
All issues can be triggered by unauthenticated users: - Arbitrary File Deletion - HTML injection & CSRF in email messages - Stored Cross-Site Scripting - Disclosure of subscribers' email address - Arbitrary subscriber deletion - Arbitrary plugin’s template...
Today we are announcing Password Policy Manager 2.0! We are very excited about this release. Finally, WordPress multisite network administrators can also enforce strong password policies.In this update we have also added the new first time login password change...
If you own a WordPress-powered website or are considering using WordPress as your CMS, you may be concerned about potential WordPress security issues. In this post, we’ll outline a few of the most common WordPress security vulnerabilities, along with steps you can...
One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new...
There is nothing scarier than your WordPress site being compromised and you feel helpless not knowing what to do to protect your WordPress site from Hackers. It takes a toll on your business, your revenue, your brand’s reputation and you even lose your sleep over it....
When users uninstall the WP Security Audit Log plugin from their WordPress website we ask them why they would like to uninstall the plugin. The most common answer is we no longer need it. In other words, the website administrator no longer needs to keep a log of...
Hubspot found that 82% of a consumer survey would leave a website that was not secure. Four steps to get started on security, and why it will help your SEO.
The post Why website security affects SEO rankings (and what you can do about it) appeared first on Search Engine Watch.
Integrating your WordPress sites with HubSpot’s best-in-class marketing tools just got even better, as HubSpot recently made a number of updates to its popular plugin for WordPress. The plugin, which integrates HubSpot’s top-rated CRM, Marketing, Sales, and Customer...
tid parameter vulnerable to SQLi. Note (WPScanTeam): v6.1 has been pathed directly in the tags (https://plugins.trac.wordpress.org/browser/wp-google-places-review-slider/tags/6.1/admin/partials/templates_posts.php#L58). However the the issue can be verified with...
fixed in version 2.2.14 fixed in version 2.3.15 fixed in version 1.3.15 fixed in version 1.3.12 fixed in version 1.7.1 fixed in version 1.3.21 fixed in version 1.3.7 fixed in version 1.4.9 fixed in version 1.3.6 fixed in version 1.2.11 fixed in version 1.2.13 fixed in...
WP Security Audit Log 3.5.1 is a release with a few improvements and bug fixes. It also features the new filters and sorting options for the Severity column in the activity log viewer. Read on to find out what is new and improved in this update of the #1 WordPress...
Proof of Concept # Exploit Title: Wordpress Groundhogg <= 2.0.8.1 Authenticated Reflected XSS Vulnerability # Date: 22-10-2019 # Exploit Author: Lucian Ioan Nitescu # Contact: https://twitter.com/LucianNitescu # Webiste: https://nitesculucian.github.io # Vendor...
Recently I noticed a weird bug in my free WordPress security plugin, Banhammer. For some reason, I could not select any text on the page. Usually when you click and move the mouse cursor over some text, it becomes highlighted and displayed in some other color. But...
This entry was posted in Vulnerabilities, WordPress Security on October 22, 2019 by Matt Barry 2 RepliesDescription: Stored XSSCVSS Severity Score: 6.1 (Medium)CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NAffected Software:...
Description: Open RedirectCVSS v3.0 Score: 7.1 (High)CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LAffected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter FeedPlugin Slugs:...
Dealing with a WordPress Malware Redirect Hack, in general, is always a frustrating experience. The malware can come in many forms and present itself with different symptoms, so to speak. It can change the layout of your site, something referred to as defacing, it can...
Description- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods...
This entry was posted in Podcasts on October 16, 2019 by Kathy Zant 0 Replies This week, we cover WeWork’s failed IPO and financial woes and how this likely led to Meetup’s introduction of an RSVP fee. We discuss why this decision doesn’t bode well...
The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure. Like any security release, users should update immediately to the...
WordPress 5.2.4 is now available! This security release fixes 6 security issues.WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have...
