#InternetSecurity #websitesecurity #wordpresssecurity

Theme Editor <= 2.1 – Multiple Vulnerabilities

Description: Versions 2.1 and lower of the "theme-editor" plugin are affected by multiple vulnerabilities such as CSRF, insufficient permission checking, arbitrary file upload and the ability to interact with folders/files on the server in most ways you can imagine. These vulnerabilities (aside from CSRF) require access to any account,...

WordPress Vulnerability Roundup: September 2019, Part 2

Several new WordPress plugin and theme vulnerabilities were disclosed during the last half of September, so we want to keep you aware. In this post, we cover recent WordPress plugin and theme vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. We divide the WordPress Vulnerability Roundup...

Visualizer < 3.3.1 – Stored XSS

Description: By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify metadata of an existing chart and inject an XSS payload that is stored and later executed when an admin goes to edit the chart....

Rich Reviews Plugin Discontinued after Vulnerabilities Exploited in the Wild

After tracking exploits of a zero-day XSS vulnerability in the Rich Reviews plugin for WordPress, Wordfence is recommending that users remove it from their websites. The company estimates that there are 16,000 active installations vulnerable to unauthenticated plugin option updates: Attackers are currently abusing this exploit chain to inject...

GiveWp < 2.5.5 – Authentication Bypass

Description: "The weakness allowed unauthenticated users to bypass API authentication methods and potentially access personally identifiable user information (PII) like names, addresses, IP addresses, and email addresses which should not be publicly accessible."...

Choosing the right HTTPS certificate for your WordPress website

In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay for one. Let’s dive right...

Authentication Bypass Vulnerability in GiveWP Plugin

Description: Authentication Bypass with Information Disclosure
CVSS v3.0 Score: 7.5 (High)
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Plugin: GiveWP
Plugin Slug: give
Affected Versions:
Patched Version: 2.5.5

A few weeks ago, our Threat Intelligence team discovered a vulnerability present in GiveWP, a...

How to use WordPress: Answering 12 common WordPress questions

Remkus de Vries: Remkus is Manager of Partnerships at Yoast and also focusses on our Translate Yoast site. Additionally, he works on the WordPress Project organizing and mentoring WordCamps.

WordPress is huge. According to the latest stats, WordPress powers almost 35% of the web — and growing quickly. With so many sites using the CMS and so...

SEO News and More