Security News

Fake SEO plugin backdoors WordPress installations (Help Net Security)
2017-04-03 15:33

Administrators of WordPress sites, beware! A fake SEO plugin is being used by attackers to compromise WP installations. The plugin in question is named WP-Base-SEO, and is a forgery of a...

WordPress Content Injection Flaw Makes XSS Bug More Severe (SecurityWeek)
2017-03-15 10:39

WordPress REST API Bug Could Be Used in Stored XSS Attacks (Threatpost)
2017-03-14 15:43

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

WordPress 4.7.3 Patches Half-Dozen Vulnerabilities (Threatpost)
2017-03-07 20:40

WordPress released version 4.7.3 which patches six vulnerabilities including one that could be chained with the REST API Endpoint vulnerability.

Six Flaws Patched With Release of WordPress 4.7.3 (SecurityWeek)
2017-03-07 08:40

Put down the coffee, stop slacking your app chaps or whatever and patch Wordpress (The Register)
2017-03-07 01:55

Ask a Security Professional: WordPress Database Security Part Two — Best Practices (InfoSecIsland)
2017-03-02 14:30

By following WordPress database security best practices, you become a better WordPress admin and a more effective guardian of the data in your website.

WordPress photo plugin opens 'a million sites' to SQLi database feasting (The Register)
2017-03-01 21:24

Ask a Security Professional: WordPress Database Security Part One — Anatomy of WordPress (InfoSecIsland)
2017-03-01 19:07

Part One of #AskSecPro is an introduction to some of the infrastructure behind WordPress.

Million-Plus WordPress Sites Exposed by Vulnerable Plugin (Threatpost)
2017-03-01 12:00

The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.