Tag Archives: WordPress

JetPack and TwentyFifteen Vulnerable to DOM-based XSS – Millions of WordPress Websites Affected

Any WordPress plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count …

Critical Persistent XSS 0day in WordPress

Yes, you’ve read it right: a critical, unpatched 0-day vulnerability affecting WordPress’ comment mechanisms was disclosed earlier today by Klikki Oy. Who’s affected: if your WordPress site allows users to post comments via the WordPress commenting system, you’re at risk. An attacker could leverage a bug in the way comments are stored in the site’s database …

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins

Multiple WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. The official WordPress documentation (Codex) for these functions was not very clear and misled many plugin developers to …

The Best Related Posts Plugins for WordPress

By Jenni McKinnon. Is your bounce rate high? Are users leaving your site after reading just one post? Encouraging people to stick around and browse your site can be a challenge. In today’s Weekend WordPress Project we’ll look at how you can display related and promoted posts in WordPress, so when a user has finished …

FBI Public Service Announcement: Defacements Exploiting WordPress Vulnerabilities

The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities: Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and …
