Bill Toulas – wp-expert

Best WordPress Hosting

Contrary to Bleeping Computer Story, Hackers Don’t Seem to Have Targeted Security Issue in Better Search Replace

Posted on 26 January 2024 by

Yesterday, the Bleeping Computer ran a story headlined “Hackers target WordPress database plugin active on 1 million sites,” written by Bill Toulas. The plugin being referenced was Better Search Replace, which had a security change in the latest version. There Continue reading Contrary to Bleeping Computer Story, Hackers Don’t Seem to Have Targeted Security Issue in Better Search Replace→

Many CVE Records Are Listing the Wrong Versions of Software as Being Affected

Posted on 22 January 2024 by

A couple of weeks ago, the Bleeping Computer ran a story claiming that over 150,000 websites were vulnerable due to a vulnerability that had been in a WordPress plugin. That count was based in part in believing that all previous Continue reading Many CVE Records Are Listing the Wrong Versions of Software as Being Affected→

Bleeping Computer’s Bill Toulas Falsely Blames WordPress Plugin When Sucuri Fails to Protect Their Customers

Posted on 27 April 2023 by

As we have noted in the past, the GoDaddy owned security provider Sucuri keeps writing blog posts about what has happened to their customers’ websites after they have been hacked. They seem uninterested in how those websites were hacked, despite Continue reading Bleeping Computer’s Bill Toulas Falsely Blames WordPress Plugin When Sucuri Fails to Protect Their Customers→

Security Journalists Baselessly Claim Millions of WordPress Sites at Risk From Recent Vulnerability

Posted on 6 April 2023 by

Last week, a story about a recent fixed vulnerability in Elementor Pro from the news outlet Bleeping Computer was headlined with the claim that the plugin had 11 million installs, “Hackers exploit bug in Elementor Pro WordPress plugin with 11M Continue reading Security Journalists Baselessly Claim Millions of WordPress Sites at Risk From Recent Vulnerability→

Bleeping Computer’s Bill Toulas Spreads Common Misconception About Impact of SQL Injection Vulnerabilities in WordPress Plugins

Posted on 27 February 2023 by

We often see confusion over the potential impact of one type of vulnerability, SQL injection, that can exist in WordPress plugins. The confusion seems to stem in part from the name of the vulnerability, though that doesn’t explain it entirely. Continue reading Bleeping Computer’s Bill Toulas Spreads Common Misconception About Impact of SQL Injection Vulnerabilities in WordPress Plugins→

“New” Linux Malware Attempting to Exploit WordPress Plugin Vulnerabilities is Actually Years Old

Posted on 10 January 2023 by

Recently the security news outlet Bleeping Computer ran a story from Bill Toulas with the headline “New Linux malware uses 30 plugin exploits to backdoor WordPress sites”, but the only cited source for the story, Doctor Web stated that it Continue reading “New” Linux Malware Attempting to Exploit WordPress Plugin Vulnerabilities is Actually Years Old→