WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability.
The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.
WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.
Last week, we reported about a critical zero-day flaw in WordPress that was silently patched by the company before hackers have had their hands on the nasty bug to exploit millions of WordPress websites.
To ensure the security of millions of websites and its users, WordPress delayed the vulnerability disclosure for over a week and worked closely with security companies and hosts to install
WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.
WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week
Last week, WordPress patched three security flaws, but just yesterday the company disclosed about a nasty then-secret zero-day vulnerability that let remote unauthorized hackers modify the content of any post or page within a WordPress site.
The nasty bug resides in WordPress REST API that would lead to the creation of two new vulnerabilities: Remote privilege escalation and Content injection
WordPress fixed three security issues, including a XSS and SQL injection, with WordPress 4.7.2 this week.
A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.
A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.