July 29, 2021
NinjaFirewall (WP+/WP) v4.4
The “Full WAF” mode can be configured to exclude some directories. That can be done from the “NinjaFirewall > Dashboard”…
Fifteen WordPress themes were prone to critical unauthenticated function injection and privilege escalation vulnerabilities.
The Product Input Fields for WooCommerce plugin (5,000+ active installations) fixed a high severity vulnerability that could allow an unauthenticated user to download any file from the blog, including the WordPress configuration file.
The WordPress WP Security Audit Log plugin (100,000+ active installations) fixed a vulnerability that could lead to privilege escalation, sensitive data exposure and insecure deserialization.
For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.