Your WordPress News Dashboard

Episode 107: Two Plugin Vulnerabilities Target File Upload Capabilities - Wordfence Blog

The Wordfence Threat intelligence team finds vulnerabilities in two plugins, the User Profile Picture plugin and the WooCommerce Upload Files plugin. WordPress 5.7 is set to release on Tuesday, March 9 with numerous enhancements for the block editor, a new… Continue Reading →

Critical Vulnerability Patched in WooCommerce Upload Files - Wordfence Blog

On December 29, 2020, the Wordfence Threat Intelligence team was alerted to a potential 0-day vulnerability in the WooCommerce Upload Files plugin, an add-on for WooCommerce with over 5,000 installations. Please note that this is a separate plugin from the… Continue Reading →

Episode 106: Admin Password Resets, Blockchain Botnets and a Central Management RCE - Wordfence Blog

WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMWare fixes a critical remote code… Continue Reading →

Episode 104: Cryptography Demystified - Wordfence Blog

This week, the Wordfence team discusses cryptography in depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including 2 new findings by the Wordfence Threat Intelligence team, a new milestone for… Continue Reading →

Episode 101: Supporting Remote Students with Free Site Audits & Cleanings - Wordfence Blog

Wordfence announces a new program offering free site cleaning and site audits to public schools in the United States. We talk about why we’re offering this program and how to help schools take advantage of it. We also talk about… Continue Reading →

Episode 98: How Application Passwords Work in WordPress 5.6 - Wordfence Blog

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by… Continue Reading →

Episode 96: Hosting Provider Failures and Incident Response Preparedness - Wordfence Blog

Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations site… Continue Reading →

Episode 94: Hosting Provider Exposed 63 Million Customer Records - Wordfence Blog

A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and… Continue Reading →

Episode 92: WordPress Forced Security Autoupdate Protects Sites from Loginizer Vulnerability - Wordfence Blog

An easily exploitable SQL injection vulnerability was discovered in the Loginizer plugin installed on over one million WordPress sites, causing the WordPress team to force an update to sites using the vulnerable version. The Justice Department is filing antitrust suit… Continue Reading →

© 2021 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine

Up ↑