Collaborate Disseminate
A WordPress plugin with over 100,000 active installations had a bug that could have allowed unauthorised attackers to wipe its users’ blogs clean, it emerged this week. Continue reading WordPress plugin hole could have allowed attackers to wipe websites
Researchers have discovered bad authentication bypass vulnerabilities affecting two WordPress plugins which should be patched as soon as possible. Continue reading Update now! Popular WordPress plugins have password bypass flaws
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack. Continue reading Critical WordPress Bug Leaves 320,000 Sites Open to Attack
A new vulnerability in a popular WordPress plugin could allow outsiders who exploit the flaw to take control of a website, according to new research. Luka Šikić, who works as a security developer at WebARX, published a report Monday revealing the bug in the Simple Social Buttons plugin, which more than 40,000 websites use to distribute their content on Facebook, Twitter and others. The problem would allow hackers to modify a WordPress site’s settings in a way plugin developers did not intend. WPBrigade, the firm that developed Simple Social Buttons, patched the flaw in the 2.0.22 software update, which was released Friday. Šikić said he informed WPBrigade about the vulnerability on Feb. 7, and that the company fixed the issue within a day. “If your website uses the WordPress plugin ‘Simple Social Buttons,’ you should update it to the latest version as soon as possible,” WebARX said in a blog […]
The post WordPress plugin patches flaw that gave hackers potential access to 40,000 websites appeared first on CyberScoop.
Continue reading WordPress plugin patches flaw that gave hackers potential access to 40,000 websites
The popular plugin for implementing Accelerated Mobile Pages returned, patched, to WordPress.org last week. Continue reading Update now! Dangerous AMP for WordPress plugin fixed