WordPress Security

11 readers
5 users here now

Discussion about WordPress security without all the falsehoods.

founded 1 year ago
MODERATORS
[email protected]
listing: all - local
1
3
WooCommerce Vulnerability Listed as Being Fixed in Upcoming Release Was Already Fixed (www.pluginvulnerabilities.com)
submitted 8 months ago by [email protected] to c/[email protected]
0 comments fedilink
2
3
AI Helps to Detect Incomplete Security Fix Being Made to 1+ Million Install WordPress Plugin WP File Manager (www.pluginvulnerabilities.com)
submitted 8 months ago by [email protected] to c/[email protected]
0 comments fedilink
3
2
NinjaFirewall is Providing Misleading Information on Vulnerable WordPress Plugins (www.pluginvulnerabilities.com)
submitted 8 months ago by [email protected] to c/[email protected]
0 comments fedilink
4
2
Arbitrary File Upload Vulnerability in AI Engine (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
5
2
Hacker Likely Targeting This Incompletely Fixed Authenticated Plugin Installation Vulnerability in WordPress Plugin NextMove Lite (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
1 comments fedilink
6
2
SQL Injection Vulnerability in Booking Calendar (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
7
7
WordPress Plugin Team Appears to Not Understand Proper Use of SQL Escaping Function esc_sql() (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
8
1
Hacker Targeted WordPress Backup Plugin Didn't Actually Get Fix for Log File Disclosure (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
9
6
Cloudflare Still Providing DNS Service for WordPress Security Team Impersonation Scam (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
10
3
Nearly 10 Year Old Vulnerability Fixed in WordPress Security Plugin All-In-One Security (AIOS) (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
11
3
Be aware that CleanTalk is putting out misleading information about vulnerabilities in WordPress plugins. (lemmy.world)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
 
 

They recently claimed that a vulnerability in a WordPress plugin exposed WordPress users passwords. It didn't, only password hashes. That is significantly different.

WPScan also claimed that the vulnerability allowed "account takeover," despite that being unlikely to happen there.

12
1
Wordfence Claims It Is a Vulnerability For Users With the unfiltered_html Capability to Use Unfiltered HTML (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
13
1
WordPress Security Providers Falsely Claimed Cloudflare's Plugin Contained Vulnerability (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
14
2
Bug Introduced in WordPress 6.4.3 Highlights a Problem With Fixing Vulnerabilities That Are Not Really Vulnerabilities (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
15
1
Arbitrary File Upload Vulnerability in BERTHA AI (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
16
2
Elementor is Still Providing Access to Security Nonces to WordPress Users Who Shouldn’t Have Them (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
17
1
How To Secure a WordPress Plugin You Use (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
18
1
Hacker Targeting Incompletely Fixed Vulnerability in 100,000+ Install WordPress Plugin Cookie Information (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
19
3
Cloudflare Only Added One Firewall Rule for a WordPress Plugin Vulnerability Last Year and It Was Eight Months Late (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
20
0
What to do If Someone is Claiming There is a Vulnerability in Your WordPress Plugin (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
21
1
Wordfence Claims Unfixed WordPress Plugin Vulnerability Has Been Fixed in Version That Doesn't Even Exist (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
22
1
Contrary to Bleeping Computer Story, Hackers Don't Seem to Have Targeted Security Issue in Better Search Replace (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
23
1
How to Use the sanitize_callback When Using the WordPress register_setting() Function (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
24
1
Catching a Future Vulnerability in a WordPress Plugin With Our Plugin Security Checker (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
25
2
Wordfence is Claiming It Is a Critical Vulnerability for WordPress Administrators to Upload Arbitrary Files (www.pluginvulnerabilities.com)
submitted 9 months ago by [email protected] to c/[email protected]
0 comments fedilink
view more: next ›