Twenty five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.
September 19, 2020 NinjaFirewall (Pro+/Pro) v4.1 NinjaFirewall can now scan ZIP archives. If you have enabled the “Allow uploads, but block dangerous files” firewall policy, you…
The WordPress Kali Forms plugin (30,000+ active installations) fixed multiple vulnerabilities affecting version 2.1.2 and below.
The WordPress Brizy Page Builder plugin (60,000+ active installations) fixed a broken access control vulnerability affecting version 1.0.125 and below that could allow any authenticated user to gain full access to the editor.
For the past six months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for developers.