WordPress released version 4.7.3, which patches six vulnerabilities, including one that could be chained with the REST API Endpoint vulnerability.
Tag Archives: wordpress
Million-Plus WordPress Sites Exposed by Vulnerable Plugin
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure
WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.
Thousands of WordPress Sites Hacked Using Recently Disclosed Vulnerability
Last week, we reported on a critical zero-day flaw in WordPress that the company silently patched before hackers could get their hands on the nasty bug and exploit millions of WordPress websites.
To ensure the security of millions of websites and their users, WordPress delayed the vulnerability disclosure for over a week and worked closely with security companies and hosts to install
Attackers Capitalizing on Unpatched WordPress Sites
WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.
WordPress Silently Fixed Privilege Escalation Vulnerability in 4.7.2 Update
WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week.
Critical WordPress REST API Bug: Prevent Your Blog From Being Hacked!
Last week, WordPress patched three security flaws, but just yesterday the company disclosed a nasty, then-secret zero-day vulnerability that let remote, unauthorized hackers modify the content of any post or page within a WordPress site.
The nasty bug resides in the WordPress REST API and leads to two new vulnerabilities: remote privilege escalation and content injection.
WordPress 4.7.2 Update Fixes XSS, SQL Injection Bugs
WordPress fixed three security issues, including an XSS and a SQL injection, with WordPress 4.7.2 this week.
WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities
A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.
PHPMailer Bug Leaves Millions of Websites Open to Attack
A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.