Even if WordPress 5.3 isn’t a security release there are still some interesting new security related updates in this version. Trusted CA Bundle Update The root CA bundle has been updated with new CA:s and some removed. The downside is thought that there is still some 1024 bit RSA CA certificates still in the bundle …
Building on the robust infrastructure of WordPress 5.1, another release is in the offing at the end of this month. Perhaps the most crucial thing to note with the new update – WordPress 5.2 – is that all users would have to upgrade their version of PHP to PHP 5.6.20. Following the release of …
It has been reported by W3Techs that about one-third of the top ten million sites on the web is powered by WordPress. The WordPress market share has experienced tremendous steady growth in the last few years. There has been an increase from 29.9% to 33.4% within a year. That is a great improvement. The state …
The WordPress open-source content management system, CMS, will indicate warning in its backend admin panel whenever the site is being run on an out-of-date PHP version. The plan in place is to make the warnings display for sites making use of a PHP version preceding the 5.6.x branch (<=5.6). There will be an inclusion of …
WordPress to Show Warnings on Servers Running Outdated PHP Versions Read More »
The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to update the database. The plugin has more than 100 000+ active installations according to WordPress.org. WPScans.com has been updated to check for this …
Vulnerability in WordPress WP GDPR Compliance plugin Read More »
Except for the “Try Gutenberg” callout in the just released WordPress version 4.9.8 there are a ton of privacy fixes. The 4.9.8 WordPress release includes a total of 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools that were added in 4.9.6. Some of the privacy fixes include: The …
The following new vulnerability checks has been added to WPScans.com: Custom Permalinks <= 1.1 – Authenticated SQL Injection Custom Permalinks <= 1.1 – Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.66 – Cross-Site Scripting (XSS) WP Fastest Cache <= 0.8.7.4 – Blind SQL Injection WooCommerce <= 3.2.3 – Authenticated PHP Object Injection Ninja Forms …
WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at …
You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:
The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – …