Category Archives: Security

WordPress 4.3.1 Security Release

WordPress version 4.3.1 was released today as a security update for all previous WordPress versions. This version of WordPress addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. (CVE-2015-5714). WordPress 4.3.1 also fixes twenty-six bugs! You can read the full announcement … Continue reading

Posted in General, Security

Interview with WordPress’s Security Czar, Nikolay Bachiyski

At WordCamp Europe 2015, Matt Mullenweg named Nikolay Bachiyski the first Security Czar for the WordPress project. With over 10 years of experience contributing to the WordPress project, Nikolay is a great fit and has embraced the role. … Continue reading

Posted in Community, Security | 1 Comment

WooCommerce PayPal Object Injection

The fine people at Woo have released a security patch for WooCommerce, fixing a vulnerability in their PayPal notification system. The vulnerability affects WooCommerce 2.0.20 – 2.3.10 when a “PayPal Identity Token” is set. It allows attackers to remotely execute … Continue reading

Posted in General, Security

Genericons XSS Vulnerability & WordPress 4.2.2

An XSS vulnerability has been found in Genericons. To explain further, Genericons includes a file called example.html, which has been found to be vulnerable to a DOM-based (Document Object Model) XSS attack. Any WordPress plugin or theme that includes this file … Continue reading

Posted in Security | 7 Comments

White Label CMS Vulnerability

A vulnerability has been found in White Label CMS, up to version 1.5.2. The vulnerability makes it possible to inject malicious code into websites by tricking a site administrator into clicking a specially crafted URL. A fix has been released … Continue reading

Posted in General, Security