WordPress 3.5.1 is out. This is a maintenance and security update. The security updates are for: ■ Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team. ■ Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team. ■ Cross-site scripting (XSS) …
WordPress 3.4.1 is available. It contains bugfixes and security updates.
Woke up this morning and saw a post by ITPixie regarding uploadify vulnerabilities in multiple WordPress themes and plugins. One of the themes was one I remember looking at using, so took a quick trip to the computer to make sure those files weren’t on my server. (fortunately, they weren’t). Uploadify is used by WordPress themes and plugin to …
WordPress 3.3.2 is out to fix multiple vulnerabilities. If you have a WordPress site somewhere on the internet, it is important to keep up to date. Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. SWFObject, which WordPress …
Regular reader of this blog may remember that back in August I looked at both Cloudflare and Incapsula to protect an accelerate infosecblog.org. Webmasters are faced with two huge challenges. The first is keeping the blog secure. There were many examples recently of WordPress blogs, even security related ones, compromised. While it is always easy to …
Continue reading ‘Dreamhost Adds One Click Cloudflare Option’ »
One of the recommended security measures for WordPress is to change the default database prefix. When you use the default setting, hackers can more easily perform SQL injection attacks. The easy way to avoid this is to change the prefix before installing WordPress for the first time. If you forget to do this, you can either …
If you haven’t logged into your WordPress today, this is news to you. Version 3.3.1 has been released to fix a XSS vulnerability. According to ThreatPost, this is only a vulnerability if you installed WordPress by browsing to the IP. Most installs are hosted and you would browse to the site FQDN to install. These …
I looked forward to WordPress 3.1 in order to use the new post formats. WordPress is trying to be a bit more like Tumbler and make it easier to post oneliners, links, and images. Except they really don’t. The 9 new formats are Aside, Chat, Gallery, Image, Link, Quote, Status, Video and Audio. It is my …
WordPress has released version 3.0.2 to address a privilege escalation user for users having author access. Upgrading is recommended by the vender even if you don’t have untrusted authors. The upgrade went smoothly on this blog. But on another blog, the update didn’t complete and the blog was stuck in maintenance mode. After taking care of …