Securing WordPress with a Web Application Firewall: NinjaFirewall (WP Edition).
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner: A powerful antivirus scanner for WordPress.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and virus.
An introduction to NinjaFirewall filtering engine.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
WordPress Mesmerize and Materialis themes fixed an authenticated options change vulnerability.
The WordPress Mesmerize (60,000+ active installations) and Materialis (10,000+ active installations) themes fixed a vulnerability that could allow authenticated users to modify WordPress core options in the database.
Multiple vulnerabilities in WordPress IgniteUp/Coming Soon and Maintenance Mode plugin.
The WordPress IgniteUp/Coming Soon and Maintenance Mode plugin, which has 30,000+ active installations, was prone to multiple vulnerabilities in version 3.4 and below that could lead to arbitrary file deletion, stored XSS, information disclosure, HTML injection in email and CSRF, among a few other issues.
Privilege escalation vulnerability fixed in WordPress CartFlows plugin.
The WordPress Funnel Builder by CartFlows plugin, which has 30,000+ active installations, fixed a privilege escalation vulnerability affecting version 1.3.0 and below.
WordPress and the evil RELOCATE.
A few days ago I found the following directive inside the WordPress configuration file of one of our customers: define(‘RELOCATE’, true);
Authenticated settings change vulnerability in YIT Plugin Framework.
An authenticated settings change vulnerability in the YIT Plugin Framework v3.3.8 and below, used in several dozen WordPress plugins, could allow logged-in users to change the plugin options.
Multiple vulnerabilities fixed in WordPress GiveWP plugin.
The WordPress GiveWP plugin, which has 70,000+ active installations, fixed several vulnerabilities affecting version 2.5.9 and below.
Multiple WordPress plugins vulnerable to HTML injection.
Multiple plugins offering to convert WordPress’ default plain text emails to HTML format were found to be vulnerable to HTML injection, which could lead to phishing or CSRF attacks.
Multiple vulnerabilities in Sliced Invoices plugin.
The WordPress Sliced Invoices plugin, which has 6,000+ active installations, was prone to multiple vulnerabilities in version 3.8.2 and below.
Zero-day vulnerability exploited in WordPress Lara Google Analytics plugin.
The WordPress Lara Google Analytics plugin, which has 20,000+ active installations, was prone to an authenticated stored XSS vulnerability.
Stored XSS vulnerability in WordPress Download Plugins and Themes from Dashboard plugin.
The WordPress Download Plugins and Themes from Dashboard plugin, which has 10,000+ active installations, was prone to an unauthenticated stored XSS vulnerability in version 1.5.0 and below.