A new vulnerability has been discovered in the popular plugin UpdraftPlus. The plugin has more than 3 millon active installations currently and the vulnerability has a CVE identifier reserved as CVE-2022-23303. The developers behind updraftplus has made an announcement: “an update was pushed to Premium users within the hour”. Marc-Alexandre Montpas the cyber security researcher […]
UpdraftPlus WordPress plugin vulnerability Read More »
Cyber Security Researcher Cyku Hong from the Taiwan-based company DEVCORE has found a serious security vulnerability in the WordPress plugin WP Statistics. This plugin is installed on over 600,000 websites and the flaw makes it possible for an attacker to conduct an SQL-injection attack. The SQL-injection attack can be used to read sensitive information such as
Security flaw in WP Statistics Plugin Read More »
A critical security vulnerability was recently discovered in the Essential Addons for Elementor, a plugin that has over a million active installations on the WordPress plugin repository. The plugin is used to “enhance your Elementor page building experience with 80+ creative elements and extensions“. One of those “creative elements” is the dynamic and product gallery
Essential Addons for Elementor has a critical security hole Read More »
WordPress is constantly being improved in order to provide a smoother, speedier, and more secure solution to users. Trying to keep up with every new update, such as the recent WordPress 5.9 “Joséphine” performance improvements, can feel a little overwhelming. However, the latest release comes with a handful of noteworthy features. The update includes both
WordPress 5.9 Performance Improvements Read More »
AccessPress hack underlines the importance of core file monitoring Core file integrity monitoring is when a tool is in place that ensures WordPress application files are changed only during an actual WordPress upgrade. Plugins, themes or other 3rd party code should never alter core files. The Jetpack security team discovered that 93 AccessPress WordPress add-ons
AccessPress hack underlines the importance of core file monitoring Read More »
WordPress is one of the most popular Content Management Systems (CMSs) globally, powering more than half of websites that use CMSs we know. Unfortunately, being an incredibly convenient, user-friendly, and robust solution doesn’t automatically translate to being completely secure. With cybercrime on the rise, it’s more important than ever to take careful, proactive, and preventative
5 Security Features We Wish Were Included in WordPress Read More »
The latest major releases of PHP have bought massive changes to the programming language. Starting from PHP 7, we’ve seen significant performance improvements. Some benchmarks even point to versions 7-8 being twice as fast as their predecessors. However, most of the websites that use PHP are still stuck with old versions of the language. Upgrading
98.7 Percent of the Web Is Using Outdated Versions of PHP Read More »
TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574) A new vulnerability affecting the supply chain of Source Code for projects like Go, PHP, Python, JavaScript and many more programming languages. The vulnerability
WordPress and Trojan Source Read More »
Update: A new CRS 4 has been released. These instructions are for CRS 3 and no longer work. In CRS 4, exclusion lists have been replaced with plugins. In this guide, you will learn how to install and protect WordPress using the Open Source Web Application Firewall (WAF) ModSecurity. We will also install the latest
Protecting WordPress with Open Source Web Application Firewall ModSecurity Read More »
On 15th July 2021, news was going around regarding an unauthenticated SQL Injection in WooCommerce. WooCommerce released a blog post about the vulnerabilities here: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/#. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. This blog post is a short
WooCommerce Unauthenticated SQL Injection Vulnerability Read More »