Category Archives: Security
WordPress 4.3.1 Security Release
WordPress version 4.3.1 was released today, which is a security update for all previous WordPress versions. This version of WordPress addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. (CVE-2015-5714). WordPress 4.3.1 also fixes twenty-six bugs! You can read the full announcement … Continue reading
Interview with WordPress.org’s Security Czar, Nikolay Bachiyski
At WordCamp Europe 2015 , Matt Mullenweg named Nikolay Bachiyski the first Security Czar for the WordPress project . With over 10 years of experience contributing to the WordPress project, Nikolay is a great fit and has embraced the role. … Continue reading
WooCommerce PayPal Object Injection
The fine people at Woo have released a security patch for WooCommerce, fixing a vulnerability in their PayPal notification system. The vulnerability affects WooCommerce 2.0.20 – 2.3.10 when a “PayPal Identity Token” is set. It allows attackers to remotely execute … Continue reading
Genericons XSS Vulnerability & WordPress 4.2.2
A XSS vulnerability has been found in Genericons. To explain further, Genericons includes a file called example.html which has been found to be vulnerable to attack from the Document Object Model level. Any WordPress plugin or theme that includes this file … Continue reading
White Label CMS Vulnerability
A vulnerability has been found in White Label CMS, up to version 1.5.2. The vulnerability makes it possible to inject malicious code into websites, by tricking a site administrator into clicking a specially crafted URL. A fix has been released … Continue reading
VaultPress Blog 