WordPress Plugin Vulnerability News – Page 12

WordPress Plugin Developer Security Advisory: 10Web

Posted on 11 November 2022 by

One of the little understood realities of security issues with WordPress plugins is that the insecurity of them is not evenly spread across those plugins. Instead, many developers are properly securing their plugins and others get them properly secured when Continue reading WordPress Plugin Developer Security Advisory: 10Web→

100,000+ Install WordPress Plugin Custom Permalinks Has Been Phoning Home to Developer for Over Two Years

Posted on 11 November 2022 by

The 100,000+ active install WordPress plugin Custom Permalinks has been phoning home to the developer with information about the websites it is installed on for over two years, despite it being in violation of the rules for the WordPress Plugin Continue reading 100,000+ Install WordPress Plugin Custom Permalinks Has Been Phoning Home to Developer for Over Two Years→

WooCommerce Fraud Prevention Plugin’s Functionality Can Be Disabled by Anyone Logged in to WordPress

Posted on 10 November 2022 by

With the security of WordPress plugins, those that extend the functionality of the ecommerce plugin WooCommerce would seem like they would be more secure than the average plugin, seeing as security should be important for software on websites handling money Continue reading WooCommerce Fraud Prevention Plugin’s Functionality Can Be Disabled by Anyone Logged in to WordPress→

Cyber Insurance Isn’t the Solution for the Insecurity of WordPress Websites

Posted on 10 November 2022 by

To get to a better place when it comes to the security of WordPress websites, as well as security more broadly, a critical element would be good security journalism. That isn’t happening. Take this clickbaity headline from The Register two Continue reading Cyber Insurance Isn’t the Solution for the Insecurity of WordPress Websites→

Avoid Confusing the Cause and Effect of a Hacked WordPress Website by Having It Properly Cleaned

Posted on 9 November 2022 by

A recent review for the WordPress plugin Protect uploads claimed the plugin was a virus and recently had malicious code added to it: Do not download. The plugin has been changed not too long ago and it now infects your Continue reading Avoid Confusing the Cause and Effect of a Hacked WordPress Website by Having It Properly Cleaned→

New WordPress Plugin Vulnerability Data Sources Are Just Copies of Existing Inaccurate Sources

Posted on 8 November 2022 by

Last week, we wrote about confusion over whether a claimed vulnerability in a WordPress plugin exists if it hasn’t been mentioned by a particular data source. That was in the context of a developer claiming there wasn’t a vulnerability in Continue reading New WordPress Plugin Vulnerability Data Sources Are Just Copies of Existing Inaccurate Sources→

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31