Category: WordPress Security News

March 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

Overview of WordPress Vulnerabilities Published in March 2017: March was a very busy month in terms of published advisories. A security update of WordPress was released, WordPress 4.7.3, and more than 40 WordPress plugin vulnerability advisories were published. The majority of them are from the Summer of Pwnage project, which were identified last year but released […]

February 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

In this second monthly roundup of WordPress core, plugins and themes reported vulnerabilities for 2017 we had just a few vulnerabilities. Are things getting better? I’d like to hope so but it seems it is not the case. Just read the developer’s response to the security issue that was reported in his premium WordPress theme […]

January 2017 WordPress Core, Plugins & Themes Vulnerabilities Roundup

In this first monthly roundup of WordPress core, plugins and themes reported vulnerabilities for 2017 we had a good number of WordPress plugins and vulnerabilities reported. This vulnerabilities and security issues roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. […]

September 2016 WordPress Core, Plugins & Themes Vulnerabilities Roundup

This is a monthly roundup of all the WordPress core, WordPress plugins and WordPress themes vulnerabilities reported during the month of September 2016. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Recap of Vulnerabilities in September 2016: When […]

August 2016 WordPress Core, Plugins & Themes Vulnerabilities Roundup

This is a monthly roundup of all the WordPress core, WordPress plugins and WordPress themes vulnerabilities reported during the month of August 2016. This roundup is made possible through WP Security Bloggers, an aggregate of popular WordPress security blogs and websites that publish WordPress security news and updates. Subscribe to the WP Security Bloggers daily […]

WordPress REST API and the Security Worries

The infrastructure of the WordPress REST API will be included in the core of WordPress version 4.4. The release of WordPress version 4.5 will also include a number of endpoints for the REST API. The addition of this new functionality in WordPress core has raised a few eyebrows. Many are already concerned and as usual, WordPress security is the […]

Was Your WordPress Website Hacked by WP White Security?

We have seen a number of successful WordPress hack attacks where a WordPress user was created with the email address support@wpwhitesecurity.com. Such hacks are not done by us. Read this article for more information about this type of attack.

Sucuri WordPress Website Firewall Bypass

This blog post shows how Rafay Baloch, a leading security professional, was able to bypass the Sucuri website firewall and exploit a cross-site scripting vulnerability on a website protected by the same web application firewall.

Collective WordPress Plugins Security Advisory Addresses XSS Vulnerability

A cross-site scripting vulnerability has been discovered in a number of WordPress plugins and today all of them have released updates to address this issue. Read this article for more details.

Using Media to Improve WordPress Security

Media can have a big impact on WordPress security. As we have learnt from last week’s WordPress SEO plugin vulnerability, if media is used effectively, more users will keep their plugins up to date, which also means better security.