WordPress Security

14 readers
1 users here now

Discussion about WordPress security without all the falsehoods.

founded 11 months ago
MODERATORS
PluginVulnerabilities
listing: all - local
1
3
WooCommerce Vulnerability Listed as Being Fixed in Upcoming Release Was Already Fixed (www.pluginvulnerabilities.com)
submitted 7 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
2
3
AI Helps to Detect Incomplete Security Fix Being Made to 1+ Million Install WordPress Plugin WP File Manager (www.pluginvulnerabilities.com)
submitted 7 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
3
2
NinjaFirewall is Providing Misleading Information on Vulnerable WordPress Plugins (www.pluginvulnerabilities.com)
submitted 7 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
4
2
Arbitrary File Upload Vulnerability in AI Engine (www.pluginvulnerabilities.com)
submitted 7 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
5
2
Hacker Likely Targeting This Incompletely Fixed Authenticated Plugin Installation Vulnerability in WordPress Plugin NextMove Lite (www.pluginvulnerabilities.com)
submitted 7 months ago by PluginVulnerabilities to c/wordpresssecurity
1 comments fedilink
6
2
SQL Injection Vulnerability in Booking Calendar (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
7
7
WordPress Plugin Team Appears to Not Understand Proper Use of SQL Escaping Function esc_sql() (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
8
1
Hacker Targeted WordPress Backup Plugin Didn't Actually Get Fix for Log File Disclosure (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
9
6
Cloudflare Still Providing DNS Service for WordPress Security Team Impersonation Scam (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
10
3
Nearly 10 Year Old Vulnerability Fixed in WordPress Security Plugin All-In-One Security (AIOS) (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
11
3
Be aware that CleanTalk is putting out misleading information about vulnerabilities in WordPress plugins. (self.wordpresssecurity)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
 
 

They recently claimed that a vulnerability in a WordPress plugin exposed WordPress users passwords. It didn't, only password hashes. That is significantly different.

WPScan also claimed that the vulnerability allowed "account takeover," despite that being unlikely to happen there.

12
1
Wordfence Claims It Is a Vulnerability For Users With the unfiltered_html Capability to Use Unfiltered HTML (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
13
1
WordPress Security Providers Falsely Claimed Cloudflare's Plugin Contained Vulnerability (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
14
2
Bug Introduced in WordPress 6.4.3 Highlights a Problem With Fixing Vulnerabilities That Are Not Really Vulnerabilities (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
15
1
Arbitrary File Upload Vulnerability in BERTHA AI (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
16
2
Elementor is Still Providing Access to Security Nonces to WordPress Users Who Shouldn’t Have Them (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
17
1
How To Secure a WordPress Plugin You Use (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
18
1
Hacker Targeting Incompletely Fixed Vulnerability in 100,000+ Install WordPress Plugin Cookie Information (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
19
3
Cloudflare Only Added One Firewall Rule for a WordPress Plugin Vulnerability Last Year and It Was Eight Months Late (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
20
0
What to do If Someone is Claiming There is a Vulnerability in Your WordPress Plugin (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
21
1
Wordfence Claims Unfixed WordPress Plugin Vulnerability Has Been Fixed in Version That Doesn't Even Exist (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
22
1
Contrary to Bleeping Computer Story, Hackers Don't Seem to Have Targeted Security Issue in Better Search Replace (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
23
1
How to Use the sanitize_callback When Using the WordPress register_setting() Function (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
24
1
Catching a Future Vulnerability in a WordPress Plugin With Our Plugin Security Checker (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
25
2
Wordfence is Claiming It Is a Critical Vulnerability for WordPress Administrators to Upload Arbitrary Files (www.pluginvulnerabilities.com)
submitted 8 months ago by PluginVulnerabilities to c/wordpresssecurity
0 comments fedilink
view more: next ›