Security News
LoginID announced the launch of its WordPress plugin. The plugin is free to install, and enables websites powered by WordPress to install strong passwordless authentication in five clicks.
An SQL-injection vulnerability discovered in a WordPress plugin called "Spam protection, AntiSpam, FireWall by CleanTalk" could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker. Spam protection, AntiSpam, FireWall by CleanTalk is installed on more than 100,000 sites, and is mainly used to weed out spam and trash comments on website discussion boards.
More than 580 WordPress vulnerabilities were disclosed in 2020, but a vast majority of them impact third-party plugins and themes rather than the WordPress core, according to a new report from website security company Patchstack. The report is based on data from Patchstack's WordPress vulnerability database, which includes information collected by the company's internal research team and its bug bounty community, by third-party cybersecurity vendors, and by independent security researchers.
A proposal by a WordPress core contributor to treat Google's FLoC ad tech as a security vulnerability, and therefore backport an automatic opt-out to previous WordPress versions, shows the depth of community opposition to the technology. Now a WordPress Core contributor has proposed treating "FLoC as a security concern."
WordPress has released version 5.7.1 of its popular content management system, which brings more than 25 bug fixes, including patches for two security vulnerabilities. One of the patched security flaws is an XML External Entity vulnerability in the ID3 library in PHP 8, which is used by WordPress.
WordPress announced today that they are treating Google's new FLoC tracking technology as a security concern and may block it by default on WordPress sites. After Google began testing FLoC this month in Google Chrome, there has been a consensus among privacy advocates that Google's FLoC implementation just replaces one privacy risk with another one.
Exploit acquisition company Zerodium announced last week that it's temporarily offering $300,000 for high-impact WordPress exploits. The company typically offers $100,000 for WordPress RCE exploits, the same amount as for Webmin, Plesk, and cPanel/WHM exploits.
Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit developers and sellers with a $300,000 payout, three times more than the regular price.
Security researchers have spotted counterfeit versions of the jQuery Migrate plugin, injected on dozens of websites, that contain obfuscated code to load malware. Js and present at the exact locations where JavaScript files are normally present on WordPress sites but are in fact malicious.