Really Simple SSL Plugin Adds Free Vulnerability Detection

Really Simple SSL, a popular plugin used on more than five million sites for installing SSL certificates, handling website migrations, mixed content, redirects, and security headers, has added a new feature in its most recent major update. Version 7.0.0 introduces vulnerability detection as part of a partnership with WP Vulnerability, an open source, free API…

WooCommerce Stripe Gateway Plugin Patches Security Vulnerability in 7.4.1

Patchstack is reporting an Insecure Direct Object References (IDOR) vulnerability in WooCommerce Stripe Gateway, the most popular WooCommerce Stripe payment plugin with more than 900,000 active users. It was discovered by Patchstack researcher Rafie Muhammad on April 17, 2023, and patched by WooCommerce on May 30, 2023, in version 7.4.1. The security advisory describes the…

#79 – Robert Abela on How to Keep Your WordPress Website Secure

Transcript [00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in this case, how to keep your WordPress website secure. If you’d like to subscribe to…

WordPress 6.2.2 Restores Shortcode Support in Block Templates, Fixes Security Issue

WordPress 6.2.2 was released early this morning as a rapid follow-up to 6.2.1, which introduced a bug that broke shortcode support in block templates. Version 6.2.1 was also an important security release, but due to the catastrophic breakage for those using shortcodes in block templates, some users were implementing insecure workarounds or simply downgrading to…

WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities

WordPress 6.2.1 was released today. Those with automatic background updates enabled should see a notice in their email, as updates rolled out earlier today. This is a maintenance and security release that includes important fixes for five security vulnerabilities outlined by core contributor and release co-lead Jb Audras: Block themes parsing shortcodes in user generated…

Essential Addons for Elementor Patches Critical Privilege Escalation Vulnerability

Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given a 9.8 (Critical severity) CVSS 3.1 score and is not yet known to have been…

Advanced Custom Fields Plugin Patches Reflected XSS Vulnerability

Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5 and below of ACF and ACF Pro, potentially impacting more than 2 million users. It was discovered by Patchstack researcher Rafie Muhammad in February 2023, and patched by ACF developers in version 6.1.6 in April. Patchstack published a security bulletin and Muhammad…

WooCommerce Payments Plugin Patches Critical Vulnerability That Would Allow Site Takeover

WooCommerce Payments, a plugin that allows WooCommerce store owners to accept credit and debit card payments and manage transactions inside the WordPress dashboard, has patched an Authentication Bypass and Privilege Escalation vulnerability with a 9.8 (Critical) CVSS score. The plugin is active on more than 500,000 websites. Beau Lebens, WooCommerce’s Head of Engineering, published an…

Patchstack Tracks 328% More Security Bugs Reported in WordPress Plugins in 2022

Patchstack, a WordPress security maintenance and management tool, has published its “State of WordPress Security” whitepaper for 2022, tracking a few key metrics on publicly reported vulnerabilities. The findings highlight the risk of using unmaintained themes and plugins along with developers’ need to keep pace with updates to libraries and dependencies included in their work.…

All In One SEO Patches Multiple Stored XSS Vulnerabilities in Version 4.3.0

Wordfence has published the details of two stored XSS vulnerabilities the company responsibly disclosed to the developers of the All In One SEO plugin in January 2023. The vulnerabilities potentially impacted more than 3 million users on versions 4.2.9 and earlier. One vulnerability, which received a 6.4 (Medium) CVSS score, Wordfence attributes to insufficient input…