WordPress 5.1.1 is now available for automatic upgrade or download. This new WordPress version is a security and maintenance release. The release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in WordPress 5.2 (read more here). The release also includes security fixes that …
The WordPress open-source content management system, CMS, will indicate warning in its backend admin panel whenever the site is being run on an out-of-date PHP version. The plan in place is to make the warnings display for sites making use of a PHP version preceding the 5.6.x branch (<=5.6). There will be an inclusion of …
WordPress to Show Warnings on Servers Running Outdated PHP Versions Read More »
WordPress 5.0.1 is now available and it is a security release for all versions since WordPress 3.7. We strongly encourage you to update all your sites immediately. Plugin authors are also encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. Since some of the vulnerabilities covered in 5.0.1 might affect plugins. WordPress versions 5.0 and earlier are …
The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to update the database. The plugin has more than 100 000+ active installations according to WordPress.org. WPScans.com has been updated to check for this …
Vulnerability in WordPress WP GDPR Compliance plugin Read More »
Except for the “Try Gutenberg” callout in the just released WordPress version 4.9.8 there are a ton of privacy fixes. The 4.9.8 WordPress release includes a total of 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools that were added in 4.9.6. Some of the privacy fixes include: The …
The following new vulnerability checks has been added to WPScans.com: Custom Permalinks <= 1.1 – Authenticated SQL Injection Custom Permalinks <= 1.1 – Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.66 – Cross-Site Scripting (XSS) WP Fastest Cache <= 0.8.7.4 – Blind SQL Injection WooCommerce <= 3.2.3 – Authenticated PHP Object Injection Ninja Forms …
WordPress 4.9.2 is now available for download. This release is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your sites immediately. We also recommend using WPScans.com to scan your WordPress installation. This release contains a critical security fix for a XSS security bug in the Media Elements library …
WPSec can now detect at least three different backdoored WordPress plugins. The plugins are: Duplicate Page and Post 2.1.0-2.1.1 No Follow All External Links 2.1.0-2.3.0 WP No External Links 4.2.1-4.3 We recommend that you run the free scan available at www.wpsec.com
Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3, …
How to sniff WordPress login credentials with Wireshark over an HTTP connection Read More »
WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at …