Advisories have been issued regarding vulnerabilities discovered in two of the most popular WordPress contact form plugins, potentially affecting over 1.1 million installations. Users are advised to update their plugins to the latest versions. +1 Million WordPress Contact Forms Installations The affected contact form plugins are Ninja Forms, (with over 800,000 installations) and Contact Form … Read more
A vulnerability advisory was issued about two WordPress themes found on ThemeForest that could allow a hacker to delete arbitrary files and inject malicious scripts into a website. Two WordPress Themes Sold On ThemeForest The two WordPress themes with vulnerabilities are sold on ThemeForest and together they have over a half million sales. The two … Read more
WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro warned that a SQL Injection vulnerability allows unauthenticated attackers to extract sensitive information from a website database. Dokan Pro WordPress Plugin The Dokan Pro plugin allows user … Read more
The majority of WordPress vulnerabilities, about 67% of them discovered in 2023, are rated as medium level. Because of they’re the most common, it makes sense to understand what they are and when they represent an actual security threat. These are the facts about those kinds of vulnerabilities what you should know about them. What … Read more
WordPress security researchers at Patchstack published their annual State of WordPress Security whitepaper that showed an increase of high and critical severity vulnerabilities, highlighting the importance of security for all websites on the WordPress platform. XSS Is Top WordPress Vulnerability Of 2023 There are many kinds of vulnerabilities but the most common by far was … Read more
Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that can make it possible for hackers to upload malicious files. One of them is rated as a high threat vulnerability because it can allow hackers to bypass access controls, execute scripts and obtain sensitive data. Two Different Kinds Of Vulnerabilities The … Read more
WordPress announced a security release version 6.4.3 as a response to two vulnerabilities discovered in WordPress plus 21 bug fixes. PHP File Upload Bypass The first patch is for a PHP File Upload Bypass Via Plugin Installer vulnerability. It’s a flaw in WordPress that allows an attacker to upload PHP files via the plugin and … Read more
Researchers uncover data leaks in Google Tag Manager (GTM) as well as security vulnerabilities, arbitrary script injections and instances of consent for data collection enabled by default. A legal analysis identifies potential violations of EU data protection law. There are many troubling revelations including that server-side GTM “obstructs compliance auditing endeavors from regulators, data protection … Read more
WordPress announced it was publishing a maintenance and security release that patches multiple vulnerabilities including one that could lead to a full site takeover. Maintenance and Security Release WordPress 6.3.2 WordPress 6.3.2 delivers 41 bug fixes but more importantly it ships with patches for eight vulnerabilities. The following eight vulnerabilities were recently discovered and patched: … Read more
