Security News

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities (Threatpost)
2017-01-12 17:38

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.

Tales of WordPress Plugin Insecurity Overblown, Researchers Say (Threatpost)
2016-12-16 15:00

The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it's not as bad as it seems, experts claim.

DDoS attacks via WordPress now come with encryption (Help Net Security)
2016-12-14 13:51

Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the...

WordPress Plugins Leave Black Friday Shoppers Vulnerable (Threatpost)
2016-11-22 14:55

Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws.

Backdoor Uploaded to WordPress Sites via eCommerce Plugin Zero-Day (SecurityWeek)
2016-10-18 08:51

Safe browsing checks fail as 16,000 WordPress sites hacked this year (The Register)
2016-09-23 06:20

Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads (Threatpost)
2016-09-20 14:22

A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication.

Every WordPress site needs this security plugin (TechRepublic)
2016-09-12 20:49

Wordpress urges users to update now to fix critical security holes (ZDNet)
2016-09-09 10:03

WordPress Flaw Allows XSS Attack via Image Filenames (SecurityWeek)
2016-09-08 17:18