
Tag: wordpress

WordPress Fixes CSRF, XSS Bugs, Announces Bug Bounty Program

WordPress fixed six vulnerabilities with version 4.7.5 and announced a bug bounty program with HackerOne this week.

Session Hijacking, Cookie-Stealing WordPress Malware Spotted

Researchers spotted a strain of cookie-stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain.

Intercede announces Secure Login for WordPress

RapID Secure Login enables WordPress users to easily access their accounts without insecure and cumbersome passwords

Lutterworth, England/Reston, VA, 8th May 2017 – Today, digital identity and credentials expert Intercede announced the launch of RapID Secure Login (RapID-SL), a plugin for WordPress that enables administrators and subscribers to log into websites and blogs with fingerprints instead of usernames and passwords.

By eliminating the use of insecure passwords, users are provided with superior usability and more... Source: RealWire

Unpatched WordPress Password Reset Vulnerability Lingers

A zero-day vulnerability exists in WordPress Core that, in some instances, could allow an attacker to reset a user's password and, in turn, gain access to their account.

Interpol unplugs nearly 9,000 Asian command and control networks

WordPress plug-in bug exploited in eight countries

An Interpol investigation has revealed a worrying degree of insecurity in south-east Asian countries, with even government-operated Web servers infected to operate as command and control systems for bot-herders.…

Ars is hiring an experienced Web developer

Note: You won't be troubleshooting print drivers unless you're into that sort of thing.

Fake SEO Plugin Used In WordPress Malware Attacks

Malware that passes itself off as a WordPress SEO plugin has been infecting sites and opening a backdoor for hackers on thousands of sites.

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

WordPress 4.7.3 Patches Half-Dozen Vulnerabilities

WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability.

WordPress fixes XSS, CSRF flaws in latest core update

It’s been a bad few weeks to be a WordPress administrator, with a number of security updates to the core content management system and a handful of widely used third-party plugins.

Get those patches before someone comes along and defaces your website, steals information from the database, or modifies the site to distribute malware.

The latest update, version 4.7.3, is a combination maintenance release and security update that addresses six security vulnerabilities and 39 maintenance issues.

Three of the six security vulnerabilities can lead to cross-site scripting attacks.

“This is a security release for all previous versions, and we strongly encourage you to update your sites immediately,” WordPress said in its release notification.

WordPress 4.7.3 Updates for Six Security Issues

The open-source WordPress blogging and content management system fixes six vulnerabilities, including three Cross Site Scripting flaws.

VU#608591: PHP FormMail Generator generates code vulnerable to multiple issues

PHP forms generated using the PHP FormMail Generator are vulnerable to stored cross-site scripting and unrestricted upload of dangerous file types.