The WordPress Shortlinks by Pretty Links plugin, which has over 200,000 active installations, was prone to stored XSS and CSV injection vulnerabilities in version 2.1.9 and below.
The WordPress Crelly Slider plugin, which has 20,000+ active installations, was prone to an authenticated arbitrary file upload vulnerability in version 1.3.4 and below.
The WordPress User Submitted Posts plugin (30,000+ active installations) was prone to an arbitrary file upload vulnerability in version 20190426 and below.
We are seeing today a lot of hacked WordPress blogs due to a critical vulnerability in the WordPress YellowPencil Visual CSS Style Editor plugin which has 30,000+ active installations.
Hackers are currently actively exploiting a vulnerability in the WordPress Related Posts plugin, which has 60,000+ active installations.
Starting from version 3.8.3, NinjaFirewall (WP and WP+ Edition) will attach a PHP backtrace to some important email notifications sent to the administrator.
A vulnerability in WordPress Social Sharing Plugin – Social Warfare is currently exploited.
The popular Easy WP SMTP plugin, which as 300,000+ active installations, was prone to a critical zero-day vulnerability.
WP-CLI is a command line interface for WordPress. It is a nice and very helpful tool if you want to manage a lot of WordPress installations from a Unix shell.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.