Category: WordPress News

Currently Tracking: WordPress Plugin Vulnerabilities Causing Malicious Redirects

SiteLock research and remediation teams have become aware of several vulnerable WordPress plugins that are affecting our customers. The symptom most commonly associated with these vulnerabilities is malicious redirects: visitors are sent to a different website than the one they are attempting to access. We are still gathering information on these vulnerabilities and how they are being used. As soon as we have completed our review, we will release more information.

The affected WordPress plugins are:

CMS security update

Another Zero-Day Vulnerability Discovered in a Social Sharing WordPress Plugin

Social Warfare announced via Twitter on March 21, 2019, that a new version, 3.5.3, was released due to a cross-site scripting (XSS) WordPress vulnerability that was discovered yesterday. The social sharing plugin allows users to share social media links in the form of buttons on their website and comments, making it easier for their readers to quickly access the website's social media pages.


A Critical Vulnerability in Easy WP SMTP WordPress Plugin Discovered

This week a severe WordPress vulnerability was patched by the authors of the Easy WP SMTP WordPress plugin. Easy WP SMTP allows users to send outgoing emails through the SMTP server in an attempt to keep their emails from going directly to spam or junk mail. This vulnerability allows cybercriminals to gain unauthenticated access to sites using this plugin. With over 300,000 active installations, thousands of users are affected by this zero-day vulnerability in version 1.3.9.


WordPress Addresses Comment Vulnerabilities in Latest 5.1.1 Version Update

On March 12, 2019, WordPress announced a maintenance release, version 5.1.1. This version includes 10 fixes and enhancements, among them security updates that address how comments are filtered and stored within the database. Prior to this update, if WordPress comments were maliciously crafted, an unauthenticated attacker could gain access to the user’s site, resulting in a cross-site scripting vulnerability.


WordPress Addresses File Deletion Vulnerability in New Version

Last week WordPress released version 4.9.7, a maintenance and security update. This update addresses a recently discovered security vulnerability, as well as 17 additional bug fixes. WordPress disclosed that versions 4.9.6 and earlier are affected by a security vulnerability that  to delete files outside of the /wp-content/uploads directory. This could potentially allow users created by malware to delete files necessary to the core functionality of WordPress.

Gutenberg: A First Look at the Editor Expected to Change WordPress Forever

The Gutenberg WordPress Editor will very soon be part of WordPress core. This new editor promises a completely different content creation experience in WordPress, and is arguably one of the biggest changes of functionality in WordPress history. And no single core feature has ever inspired such heated debate amongst WordPress users and developers.
