WordPress latest security fixes.
The latest security fixes in WordPress themes and plugins.
Author: NinTechNet
NinTechNet changelog.
August 11, 2019 NinjaFirewall (WP+/WP) v4.0.2 Added a new policy to enable the “SameSite” flag on cookies in order to protect against cross-site request forgery (CSRF)…
Critical vulnerability in WordPress Kiwi Social Sharing plugin actively exploited.
A critical vulnerability in the WordPress WordPress Kiwi Social Sharing plugin <2.0.11 (30,000+ active installations) is currently exploited since December 6th.
Critical vulnerability in WP GDPR Compliance plugin massively exploited.
A critical vulnerability in the WordPress WP GDPR Compliance plugin (100k+ active installations) is currently massively exploited.
NinjaScanner Troubleshooting.
NinjaScanner should work out-of-the-box in most cases, but some hosting restrictions, e.g., server resource limits or security policies, may prevent it from working as expected. We will see in this article the most common issues a user may experience.
Arbitrary file upload vulnerability in WordPress Ultimate Member plugin.
A critical vulnerability in the popular WordPress Ultimate Member plugin allows allows attackers to upload any files, including PHP backdoors.
NinjaFirewall and the General Data Protection Regulation (GDPR).
The purpose of this document is to inform you about how to be compliant with the General Data Protection Regulation (GDPR).
NinjaFirewall (Pro/Pro+ Edition) v3.3 new user interface.
NinjaFirewall (Pro/Pro+ Edition) v3.3 has a brand new user interface. It is responsive, makes use of Bootstrap and jQuery, and looks pretty much like our website…
Arbitrary file upload vulnerability in WordPress LearnDash LMS plugin.
While cleaning up several hacked WordPress blogs, we identified a critical zero-day vulnerability in the LearnDash LMS plugin v2.5.3 (https://www.learndash.com/) that allows an unauthenticated user to…
Phishing attack targeting Magento shop owners.
A phishing attack has been targeting Magento shop owners for the past 24 hours attempting to steal their login credentials. A so-called customer sends a “Invalid…