WordPress Security Updates: July 2020

This monthly report is provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse of any potential vulnerabilities that might affect our customers, as well as any WordPress user. We sincerely hope these efforts help any and all that…

The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks

On June 26, 2020, our Wordfence colleagues discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on…

Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder

On July 23, 2020, our Wordfence colleagues discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites. This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including…

Newsletter Plugin Vulnerabilities Affect Over 300,000 Sites

On July 13, 2020, our Wordfence colleagues were alerted to a recently patched vulnerability in Newsletter, a WordPress plugin with over 300,000 installations. While investigating this vulnerability, we discovered two additional, more serious vulnerabilities, including a reflected Cross-Site Scripting (XSS) vulnerability and a PHP Object Injection vulnerability. We reached out to the plugin’s author on July…

Critical File Upload Vulnerability in wpDiscuz Plugin

In this week’s news, our Wordfence colleagues discovered a vulnerability in the wpDiscuz plugin, affecting over 80,000 WordPress sites. A blind SQL injection attack affected analytics service Waydev, exposing OAuth tokens for GitHub repositories for software companies, leading to further breaches. A debate about problematic admin notices on the WordPress admin dashboard has many wondering…

Attacking and Enumerating Joomla | HackerTarget.com

Recent statistics show Joomla is a popular open-source Content Management System (CMS), with close to 6% of all websites. It is open-source, free to download, and easy to use. These things make it a popular option. Similar to WordPress’s plugins, Joomla allows functionality through “Extensions”. This popularity makes it a target for bad guys aiming…

Critical Arbitrary File Upload Vulnerability Patched in wpDiscuz Plugin

On June 19th, our Wordfence colleagues discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin installed on over 80,000 sites. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. We initially reached out to the plugin’s developer on…

What is SSL and Why Is It Critical in 2020?

Secure Sockets Layer, also known as SSL, is a security technology that provides encryption between a client and a webserver. To understand this a bit more simply, a “client” is a web browser like Chrome or Safari, and a “webserver” is your website or online store. An easy way to tell if the website you…

How To Backup WordPress Database (Step-by-Step Guide)

Want to recover the database of your WordPress site? Or looking to take a backup of your WordPress database to be safe? Your WordPress database stores content, user data, configurations, and other data that is vital to the functioning of your website. If you lose your database, you lose your website or at least a…

iThemes Security Pro Feature Spotlight: Site Scan

iThemes Security Pro Feature Spotlight: User Groups

In the Feature Spotlight posts, we highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are shining the spotlight on the iThemes Security Pro Site Scan, a great feature to secure and protect your…
