WordPress Simple:Press plugin fixed critical vulnerabilities.

The WordPress Simple:Press plugin (600+ active installations) fixed a broken access control vulnerability affecting version 6.6.0 and below that could lead to unauthenticated arbitrary file upload and remote code execution.

Posted on September 22, 2020 - 4:57pm [+0700]
Malware

When some developers of WordPress plugin and theme go rogue.

While cleaning-up a hacked WordPress site, we found that some malicious code was added to the theme by its developers.

25 WordPress plugins vulnerable to CSRF attacks.

Twenty five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.

The impact of an XSS vulnerability on WordPress: How hackers exploit XSS vulnerabilities to create admin accounts on your blog.

With a proof of concept and a video, we explain in this post how hackers exploit XSS vulnerabilities in order to create administrator accounts on your blog.

Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations).

Critical zero-day vulnerability fixed in WordPress File Manager (700,000+ installations). Update immediately.