The Right Ways to Protect Against Exploitation of Vulnerabilities Like the One in Elementor Pro

Earlier this week, it was disclosed that a fairly serious vulnerability had been fixed in the commercial WordPress plugin Elementor Pro. As described by the discoverer, NinTechNet, the developer failed to implement basic security in the code, leading to the

Not Really a WordPress Plugin Vulnerability, Week of March 31

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic

Not Really a WordPress Plugin Vulnerability, Week of March 17

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic

These Jetpack Security Features Won’t Protect Against the Unfixed SQL Injection Vulnerability They Disclosed

Yesterday, we wrote about how Automattic’s Jetpack has been telling people an authenticated SQL injection vulnerability had been fixed in a WordPress plugin, while the vulnerability still exists. In their post, they recommended that people update the plugin despite that

BBQ Firewall Also Fails to Prevent SQL Injection Attack

In November, we wrote about how reviews for a WordPress security plugin were claiming that it protected against SQL injection, but testing showed it didn’t. A new review for another plugin, BBQ Firewall, which we happened across, made the same

A Web Host’s ModSecurity WAF Probably Isn’t a Reliable Source of Protection for Your WordPress Website

When it comes to security solutions for WordPress websites, the results of testing we do to see if security plugins provide protection against real vulnerabilities in WordPress plugins are a strong indication that people are not using security solutions based

Patchstack is Falsely Claiming a “High Severity” Vulnerability Exists in a WP Plugin Based on Inaccurately Copied Info From Wordfence

Providing accurate information on vulnerabilities in WordPress plugins can require a lot of work, but doing the work avoids causing false alarms for users of plugins and for the developers of them. Unfortunately, security companies can cut corners, claim to

Wordfence’s Solution to Their Firewall Incorrectly Blocking Legitimate Request is to Disable Needed Protection

In our testing, the most popular security-only WordPress security plugin Wordfence Security fails to provide as much protection as other much less popular security plugins. Making the situation worse is that it introduces a significant performance penalty over security plugins

Only 25% of WordPress Security Plugins Protected Against Widely Exploited Plugin Vulnerability

In late January, an unfixed vulnerability in a WordPress plugin with 40,000+ installs started to receive widespread exploitation attempts and many websites were hacked. The hacking was in part caused by multiple WordPress security providers, including Wordfence, WPScan, and Patchstack,

Not Really a WordPress Plugin Vulnerability, Week of March 10

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic

WordPress’ Manual Review Fails to Notice Security Provider’s Plugin Is Both Completely Broken and Is Fundamentally Insecure

When someone goes to submit a plugin to the WordPress Plugin Directory, they are told it will go through a manual review before it is allowed in: After your plugin is manually reviewed, it will either be approved or you

You Can’t Trust WordPress Plugin Developers’ Claims That Their Plugins Are Free of Security Vulnerabilities

In December, we wrote about how to check if WordPress plugins are secure. One of the things we mentioned that you can’t rely on is claims made by plugin developers about their handling of security. As a recent issue with

Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It

Last week, Wordfence disclosed the details of an authenticated persistent cross-site scripting (XSS) vulnerability they had found in a popular WordPress plugin with 3+ million installs (as well as something else that wasn’t really a vulnerability). There were some things

You Need to Make Sure Proof of Concepts for Vulnerabilities in WordPress Plugins You Use Have Been Tested

Are you relying on a security provider to warn about vulnerabilities in WordPress plugins you use? Are you not testing out the proof of concepts for those vulnerabilities because the security provider claims they are verifying things for you or

Bleeping Computer’s Bill Toulas Spreads Common Misconception About Impact of SQL Injection Vulnerabilities in WordPress Plugins

We often see confusion over the potential impact of one type of vulnerability, SQL injection, that can exist in WordPress plugins. The confusion seems to stem in part from the name of the vulnerability, though that doesn’t explain it entirely.

Not Really a WordPress Plugin Vulnerability, Week of February 17

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic

Hacker Looking for Usage of 10Web WordPress Plugin That Contains Type of Vulnerability That Hackers Target

In June 2021, the WordPress security provider Patchstack announced that they were partnering with WordPress plugin provider and web host 10Web. Patchstack claimed that they and 10Web were working together to “help strengthen the WordPress ecosystem.” It was a curious

WordPress Plugin Security Review: ShortPixel Image Optimizer

For our 41st security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin ShortPixel Image Optimizer. If you are not yet a customer of the service, once you sign up for the service as

AI Can Help to Catch Vulnerabilities in WordPress Plugins, but It Doesn’t Change Developers’ Bad Handling of Them

A week ago, the developers of the 200,000+ install WordPress plugin Fluent Forms tried to address a security issue in the plugin, but failed, leaving a vulnerability in the plugin. You wouldn’t know about that from various WordPress plugin vulnerability