Your WordPress News Dashboard

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023) - Wordfence Blog

Last week, there were 82 vulnerabilities disclosed in 59 WordPress Plugins and 11 WordPress themes, along with 6 in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 26 Vulnerability Researchers that contributed to… Continue Reading →

Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign - Wordfence Blog

The Wordfence Threat Intelligence team has been monitoring an increase in attacks targeting a Cross-Site Scripting vulnerability in Beautiful Cookie Consent Banner, a WordPress plugin installed on over 40,000 sites. The vulnerability, which was fully patched in January in version… Continue Reading →

WordPress Vulnerability Report – May 24, 2023 - iThemes

On May 20, 2023, WordPress 6.2.2 was released to address a regression — a bug introduced in 6.2.1 that broke shortcode functionality — as well as a security issue. Because 6.2.2 is a security release, you should update your sites… Continue Reading →

W3 Eden Addresses Authenticated Stored XSS Vulnerability in Download Manager WordPress Plugin - Wordfence Blog

On April 25, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in W3 Eden’s Download Manager plugin, which is actively installed on more than 100,000 WordPress websites, making… Continue Reading →

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023) - Wordfence Blog

Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those… Continue Reading →

PSA: Attackers Actively Exploiting Critical Vulnerability in Essential Addons for Elementor - Wordfence Blog

On May 11 2023, Essential Addons for Elementor, a WordPress plugin with over one million active installations, released a patch for a critical vulnerability that made it possible for any unauthenticated user to reset arbitrary user passwords, including user accounts… Continue Reading →

WordPress Vulnerability Report – May 17, 2023 - iThemes

This week, WordPress 6.2.1 was released — the first security and maintenance update for the 6.2 version line. This release patched 5 security vulnerabilities, including Cross-Site Scripting (XSS), Cross-site request forgery (CSRF), and path traversal vulnerabilities. If you have your… Continue Reading →

WordPress Core 6.2.1 Security & Maintenance Release – What You Need to Know - Wordfence Blog

On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity Cross-Site Scripting vulnerability, and several lower-severity vulnerabilities. These patches have been backported to every… Continue Reading →

What is a Command Injection? - iThemes

The ubiquitous client-server architecture of the web provides hackers with a vast attack surface, leaving both the website and the server vulnerable to malicious exploitation. Security risks increase significantly if a website is configured to communicate with the host’s environment… Continue Reading →

The Complete WordPress Security Guide 2023 – Step by Step - WordPress Arena

Note: You don’t need any other WordPress Security guide if you follow all the steps mentioned in this guide. Originally created for bloggers, WordPress has become a widely-used platform for website development and content management due to its ease of… Continue Reading →

WordPress Vulnerability Report – May 10, 2023 - iThemes

This week, 66 vulnerabilities may affect over 5.8 million WordPress sites. There are 42 plugin vulnerabilities and five in themes that have security patches available, so run those updates! Additionally, there are 18 plugin vulnerabilities and one theme with no… Continue Reading →

What is Directory Traversal? - iThemes

By tricking a web server into exposing otherwise restricted information, attackers can gain a powerful tool to compromise a system and cause significant damage. Directory traversal is a common method used to achieve this. An attempt to navigate outside the… Continue Reading →

The Beginning of the End of Passwords - iThemes

Yesterday, Google announced “The Beginning of the End of the Password.” By this time next year, you may not be using passwords anymore. The Great Password Extinction is Already Underway Imagine a world without passwords. You can still log into… Continue Reading →

WordPress Vulnerability Report – May 3, 2023 - iThemes

This week, 162 vulnerabilities may affect over 8 million WordPress sites. There are 74 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 88 plugin vulnerabilities with no patch available yet…. Continue Reading →

What is Ransomware? - iThemes

In today’s digital age, businesses rely heavily on their online presence to connect with their customers and boost revenue. Losing access to your website can have disastrous consequences, potentially causing significant financial losses and irreparable damage to your business reputation…. Continue Reading →

WordPress Vulnerability Report – April 26, 2023 - iThemes

This week, 160 vulnerabilities may affect over 8 million WordPress sites. There are 68 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 92 plugin vulnerabilities with no patch available yet…. Continue Reading →

What is Session Hijacking? - iThemes

Session hijacking is a type of cyberattack that WordPress site owners need to know about. Also known as TCP session hijacking, session hijacking allows attackers to pretend to be a logged-in user on a website. The attacker takes over a… Continue Reading →

WordPress Vulnerability Report – April 19, 2023 - iThemes

This week, 116 vulnerabilities may affect over 6 million WordPress sites. There are 67 plugin vulnerabilities and 2 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 45 plugin vulnerabilities and 2… Continue Reading →

Content Security Policy (CSP) Explained - iThemes

With the rapid evolution of cybersecurity threats, relying on a single layer of defense is no longer sufficient to safeguard your online presence. This makes it imperative for website owners to have a multi-layered security approach, which is best represented… Continue Reading →

WordPress Vulnerability Report – April 12, 2023 - iThemes

This week, 79 vulnerabilities may affect over 6.6 million WordPress sites. There are 55 plugin vulnerabilities and 5 themes with security patches available, so run those updates if you use these plugins! Additionally, there are 19 plugin vulnerabilities with no… Continue Reading →

What is Cross-Site Request Forgery (CSRF)? - iThemes

Cross-Site Request Forgery (CSRF or XSRF) vulnerabilities are rarely high or critical in their severity ratings. They still can do a lot of harm, however. They’ve been the second most common WordPress vulnerability in recent years after Cross-Site Scripting (XSS)… Continue Reading →

WordPress Vulnerability Report – April 5, 2023 - iThemes

This week, the total number of patched and unpatched vulnerabilities is low but still may affect over 3.5 million WordPress sites. There are 51 plugin vulnerabilities and one theme with security patches available, so run those updates if you use… Continue Reading →

How to Stop Bad Bots: A Guide For WordPress Users - iThemes

Half of all internet traffic isn’t human activity — it’s bots. Spambots, search bots, Twitterbots, and DDoS bots are just a few common types of web robots. They’re everywhere in the online world, and not all of them are bad…. Continue Reading →

What is a File Inclusion Attack? - iThemes

Any tool can be used with good or bad intentions, and file inclusion is no different. WordPress is built with PHP, a server-side programming language that uses file inclusion as a method of writing code that can be pulled into… Continue Reading →

WordPress Vulnerability Report – March 29, 2023 - iThemes

This week, the total patched and unpatched vulnerabilities may impact well over 8 million WordPress sites. There are 58 plugin vulnerabilities with security patches available, so run those updates if you use these plugins! Additionally, there are 25 plugin vulnerabilities… Continue Reading →

© 2023 WP News Desk — Powered by WordPress and WP RSS Aggregator | Hosted by WP Engine
