For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.
NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and viruses.
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
The WordPress Secure File Manager plugin (1,000 active installations) is prone to an authenticated remote code execution vulnerability affecting version 2.5 and below.
The WordPress Ultimate Reviews plugin (2,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1.32 and below that could lead to unauthenticated PHP object injection.
The WordPress GDPR CCPA Compliance Support plugin (1,000+ active installations) fixed an insecure deserialization vulnerability affecting version 2.1 and below that could lead to unauthenticated PHP object injection.
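Both of the entries above describe the same class of bug: user-controlled data handed to PHP's unserialize(), which lets an attacker instantiate any class the application has loaded and trigger its magic methods (__wakeup, __destruct, __toString, ...). The script below is an added, self-contained illustration of that pattern and its fix; it is not code from either plugin, and the LogWriter class, the cookie parameter and the file path are assumptions made for the demonstration. The "gadget" is deliberately simple: a destructor that writes attacker-chosen data to an attacker-chosen path.

```php
<?php
// Added example: PHP object injection through unserialize(), and two safer
// alternatives. Class, parameter names and paths are hypothetical.

class LogWriter
{
    public $path = null;
    public $data = '';

    // A gadget: PHP calls this automatically when the object is freed,
    // so merely deserializing a LogWriter is enough to get a file written.
    public function __destruct()
    {
        if ($this->path !== null) {
            file_put_contents($this->path, $this->data);
        }
    }
}

// Vulnerable pattern: a cookie (or POST field, option, API body, ...) is fed
// straight into unserialize(). Any loaded class can be instantiated.
function load_prefs_vulnerable(string $cookie): array
{
    $prefs = unserialize(base64_decode($cookie));
    return is_array($prefs) ? $prefs : [];
}

// Hardened: allowed_classes => false (PHP >= 7.0) makes unserialize() refuse
// to build objects; class payloads become __PHP_Incomplete_Class and no
// magic method ever runs. Scalars and arrays still deserialize normally.
function load_prefs_hardened(string $cookie): array
{
    $prefs = @unserialize(base64_decode($cookie), ['allowed_classes' => false]);
    return is_array($prefs) ? $prefs : [];
}

// Preferable for new code: a data-only format that cannot express objects.
function load_prefs_json(string $cookie): array
{
    $prefs = json_decode(base64_decode($cookie, true), true);
    return is_array($prefs) ? $prefs : [];
}

// Constructed attacker payload: a serialized LogWriter built by hand so that
// no object exists on the "attacker" side (its destructor would fire there).
$target  = sys_get_temp_dir() . '/object_injection_demo.txt';
$data    = 'written by a deserialization gadget';
$payload = base64_encode(sprintf(
    'O:9:"LogWriter":2:{s:4:"path";s:%d:"%s";s:4:"data";s:%d:"%s";}',
    strlen($target), $target, strlen($data), $data
));

@unlink($target);
load_prefs_vulnerable($payload);
echo file_exists($target)
    ? "vulnerable: gadget wrote $target\n"
    : "vulnerable: nothing written?\n";

@unlink($target);
load_prefs_hardened($payload);
echo file_exists($target)
    ? "hardened: gadget still fired!\n"
    : "hardened: object payload rejected, nothing written\n";

load_prefs_json($payload);
echo file_exists($target)
    ? "json: gadget still fired!\n"
    : "json: payload is not valid JSON, nothing written\n";
```

Run it with `php object_injection.php`: the first call creates the file through the destructor alone, the hardened and JSON variants do not. Note that allowed_classes only stops object construction; the application must still treat the resulting array as untrusted, and real-world gadget chains usually live in other installed plugins or libraries rather than in the vulnerable plugin itself, which is why "we have no dangerous class" is not a defence.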
The WordPress TI WooCommerce Wishlist plugin (70,000+ installations) fixed a critical Zero-Day vulnerability affecting version 1.21.11 and below that could allow an attacker to take over the blog and its database.
Very often, when we clean up a hacked WordPress website, we find hidden admin users created by the attackers. In this post, we will see how hackers manage to create and hide them.