
WordPress Plugin Developer Security Advisory: mndpsingh287

One of the little understood realities of security issues with WordPress plugins is that insecurity of WordPress plugins is not evenly spread across them. Instead, many developers are properly securing their plugins and others get them properly secured when alerted

WordPress Plugin Developer Security Advisory: Genetech Solutions

One of the little understood realities of security issues with WordPress plugins is that insecurity of WordPress plugins is not evenly spread across them. Instead, many developers are properly securing their plugins and others get them properly secured when alerted

WordPress Support Forum Moderator Falsely Claims That There Are Not Plugins With Known Unfixed Vulnerabilities in WordPress Plugin Directory

One of the ways we are able to provide our customers with better information on vulnerabilities in WordPress plugins than our competitors is by monitoring the WordPress Support Forum for topics related to that. In addition to information useful for

Developers of 1+ Million Install WordPress Security Plugin All In One WP Security & Firewall Not Disclosing Change in Ownership

The latest version of the WordPress security plugin All In One WP Security & Firewall fixed a minor security vulnerability. While there is an extensive changelog for that version, there doesn’t appear to be any mention of that. Take a

Not Really a WordPress Plugin Vulnerability, Week of April 15

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic

A Month Later, WordPress Still Hasn’t Taken Action for Websites With Backdoored Plugin They Distributed

On February 28, we publicly warned that the WordPress plugin Mistape had what appeared to be a backdoor added in its latest release. Part of the code would contact the developer’s website and let them know if the plugin was

WPScan Issues Two CVE IDs for Same Vulnerability While Failing to Warn for 7 Months That It Was Unfixed

On August 9, 2021, a security update was released for the WordPress plugin Favicon by RealFaviconGenerator, which has 200,000+ installs. The changelog for that was: Fix XSS security issue, reported by WPSpan.com. See https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9?fbclid=IwAR2aRMXRjbGm9ppoI9tM-OHm26Q0ax4yt0MkcP5sp0-pz9D4eVIEHQwvG1Y

Patchstack, cPanel, and Plesk Falsely Claimed Fixed Vulnerability in WordPress Plugin Hadn’t Been Fixed

Among the many problems caused by the WordPress security industry is plugin developers having to deal with false claims that plugins are vulnerable. An example of that involved not just a WordPress security player, but two major names in the

GoDaddy (Through Sucuri) Spreads Misinformation About Recently Fixed Vulnerabilities in All in One SEO

A month ago, GoDaddy was in the news after announcing a data breach of information for customers using their managed WordPress hosting service. What was lacking in the coverage of that is that GoDaddy owns a major web security provider,

Our Firewall Plugin Provides What Malcare Claims Isn’t Available in a WordPress Security Plugin

Malcare is like a lot of providers in the WordPress security space: they make extraordinary claims that don’t really make a lot of sense if you have a basic grasp of security. Either the people behind those providers don’t understand