Webmaster Forum

Go Back   Webmaster Forum > Web Development > Blogging Forum

Blogging Forum Discuss general blogging issues here - design, integration, posting, trackbacks, ETC. Also discuss blogs you like.


Reply
 
Thread Tools Display Modes
Share |
  #41  
Old 06-12-2012, 10:05 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress Plugin Vulnerabilities and Fixes 06-12-2012

Regina Smola over at WP Security Lock has posted a list of plugins with security vulnerabilities:
Quote:
There have been several reports of WordPress plugin vulnerabilities. On June 12, 2012, I did some research on plugins reported to have security issues and if they have been fixed or removed from the WordPress.org plugin repository.

Security Tip: To help keep your WordPress blog secure, I recommend the following:

If a plugin security fix is available, please update the plugin(s) immediately.

If a plugin as been removed from the WordPress plugin repository and a security fix is not yet available, delete the plugin(s) until an update is available.
WordPress Plugin Vulnerabilities and Fixes 06-12-2012

Note at the end of the list says the list will be updated as she finds more.
 
Reply With Quote

Advertisement

Advertisement

  #42  
Old 06-13-2012, 01:54 PM
indybail indybail is offline
Contributing Member
 
Join Date: 02-04-11
Location: Indianapolis, IN
Posts: 704
iTrader: 0 / 0%
WordPress 3.4 is in the building!

WordPress 3.4 is in the building! It's called 'Green'. Here's some details. http://wordpress.org/news/2012/06/green/

Last edited by HTMLBasicTutor; 06-13-2012 at 02:27 PM. Reason: merged into WP update thread
 
Reply With Quote
  #43  
Old 06-18-2012, 09:44 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress Security Plugin Report: Vulnerabilities and Fixes - 06-18-2012

Regina Smola over at WP Security Lock has another post of Wordpress security plugin vulnerabilities and fixes:
Quote:
On June 18, 2012, I did security checks on the following plugins that have been reported with security vulnerabilities.

(Unfortunately, when a plugin vulnerability is found it is posted online and can cause a mass attack on websites using the plugin.)

In an effort to help keep all self-hosted WordPress users safe, I check these daily for any new threats. The Plugins Team at WordPress.org work very quickly in disabling public downloads while working with the third-party developers to get security updates before adding them back to their repository.

For WordPress security, the plugins below have either been removed from WordPress.org pending a security update or have fixed the security vulnerability.
WordPress Security Plugin Report: Vulnerabilities and Fixes - 06-18-2012
 
Reply With Quote
  #44  
Old 06-22-2012, 05:09 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress Security Plugin Report: Vulnerabilities and Fixes - 06-22-2012

Another round of Plugin Vulerabilities and Fixes from WP Security Lock: WordPress Security Plugin Report: Vulnerabilities and Fixes - 06-22-2012
 
Reply With Quote
  #45  
Old 06-27-2012, 03:11 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.4.1 Maintenance and Security Release

June 27, 2012
Quote:
WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks! This maintenance release addresses 18 bugs with version 3.4, including:
Continued: WordPress 3.4.1 Maintenance and Security Release
 
Reply With Quote
  #46  
Old 09-06-2012, 04:05 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.4.2 Maintenance and Security Release

Quote:
WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions.

After nearly 15 million downloads since 3.4 was released not three months ago, we’ve identified and fixed a number of nagging bugs, including:
Continued: WordPress 3.4.2 Maintenance and Security Release
Wordpress Blog September 6, 2012
 
Reply With Quote
  #47  
Old 12-11-2012, 10:33 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.5 “Elvin”

Quote:
It’s the most wonderful time of the year: a new WordPress release is available and chock-full of goodies to delight bloggers and developers alike. We’re calling this one “Elvin” in honor of drummer Elvin Jones, who played with John Coltrane in addition to many others.
WordPress 3.5 “Elvin” - Wordpress Official Blog December 11, 2012
 
Reply With Quote
  #48  
Old 12-19-2012, 01:40 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress Security Warning: Pingback Vulnerability & Temporary Fix

Quote:
A WordPress pingback vulnerability has been reported that could put your site's security at risk for a distributed denial-of-service attack (DDoS) attack....
...it seems that even WordPress 3.5 is at risk. So it looks like all versions...
WordPress Security Warning: Pingback Vulnerability & Temporary Fix
December 19, 2012
 
Reply With Quote
  #49  
Old 01-24-2013, 04:15 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.5.1 Maintenance and Security Release

Quote:
WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:
Continued: WordPress 3.5.1 Maintenance and Security Release
Wordpress Development Blog January 24/13
 
Reply With Quote
  #50  
Old 04-24-2013, 05:22 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability

Quote:
Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:
Quote:
…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed
 
Reply With Quote
  #51  
Old 06-21-2013, 02:29 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.5.2 Maintenance and Security Release

For those who don't log into your Wordpress blog every day, there is an important update available:
Quote:
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
WordPress 3.5.2 Maintenance and Security Release
June 21, 2013
 
Reply With Quote
  #52  
Old 06-22-2013, 05:17 PM
webpirate's Avatar
webpirate webpirate is offline
Contributing Member
 
Join Date: 11-18-12
Location: On the open C++'s
Posts: 100
iTrader: 0 / 0%
Yipes, I just had to update manually this morning as the auto-updater inside wp wasn't working for me (I imagine it's the load on their server from people downloading the update).
 
Reply With Quote
  #53  
Old 08-19-2013, 04:47 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.6 “Oscar”

Quote:
The latest and greatest WordPress, version 3.6, is now live to the world and includes a beautiful new blog-centric theme, bullet-proof autosave and post locking, a revamped revision browser, native support for audio and video embeds, and improved integrations with Spotify, Rdio, and SoundCloud. Here’s a video that shows off some of the features using our cast of professional actors:
WordPress 3.6 “Oscar”
August 1, 2013
 
Reply With Quote
  #54  
Old 09-11-2013, 08:08 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.6.1 Maintenance and Security Release

Quote:
After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release.

WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed by the WordPress security team:
Continued: WordPress 3.6.1 Maintenance and Security Release
Posted September 11, 2013
 
Reply With Quote
  #55  
Old 10-24-2013, 08:19 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
WordPress 3.7 “Basie”

Quote:
Version 3.7 of WordPress, named “Basie” in honor of Count Basie, is available for download or update in your WordPress dashboard. This release features some of the most important architectural updates we’ve made to date. Here are the big ones:
Continued: WordPress 3.7 “Basie”
October 24, 2013
 
Reply With Quote
  #56  
Old 10-24-2013, 08:53 PM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,358
iTrader: 0 / 0%
For me, so far I've found 3.7 has inhibited the plugin search function. I get errors when doing a plugin search with IE9. I now have to manually download the plugins, and then upload them for install. Not a big deal, but I'd prefer a one click install like earlier versions offered. I'm sure it will be remedied with another update or two. But for me, I'm not upgrading any other sites until I further check this version for any other anomalies and this glitch is fixed.
 
Reply With Quote
  #57  
Old 10-24-2013, 09:21 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,556
iTrader: 5 / 100%
LMD did you notice if there is there a way to turn this Updates while you sleep off? How would you know if the update broke some plugin you are using and therefore break your site? Scary.
 
Reply With Quote
  #58  
Old 10-24-2013, 09:26 PM
snakeair snakeair is offline
Super Moderator - Rest in Peace 2018
 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
Looks like we have to do some editing of the template to disable this.

Quote:
Automatic background updates were introduced in WordPress 3.7 in an effort to promote better security, and to streamline the update experience overall. By default, only minor releases – such as for maintenance and security purposes – and translation file updates are enabled.

In WordPress, there are four types of automatic background updates:

1. Core updates
2. Plugin updates
3. Theme updates
4. Translation file updates

Core Updates

Core updates are subdivided into three types:
1. Core development updates, known as the "bleeding edge"
2. Minor core updates, such as maintenance and security releases
3. Major core release updates

By default, automatic updates are only enabled for minor core releases and translation files.

WP_AUTO_UPDATE_CORE

To enable automatic updates for major releases or development purposes, the place to start is with the WP_AUTO_UPDATE_CORE constant. Defining this constant one of three ways allows you to blanket-enable, or blanket-disable several types of core updates at once.

WP_AUTO_UPDATE_CORE can be defined with one of three values, each producing a different behavior:
■ Value of true – Development, minor, and major updates are all enabled
■ Value of false – Development, minor, and major updates are all disabled
■ Value of minor – Minor updates are enabled, development, and major updates are disabled
Continued at: http://codex.wordpress.org/Configuri...ground_Updates
 
Reply With Quote
  #59  
Old 10-25-2013, 06:32 AM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,358
iTrader: 0 / 0%
Quote:
Originally Posted by HTMLBasicTutor View Post
LMD did you notice if there is there a way to turn this Updates while you sleep off? How would you know if the update broke some plugin you are using and therefore break your site? Scary.
Yup. I got some readin' and testin' to do.
 
Reply With Quote
  #60  
Old 10-27-2013, 04:08 PM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,358
iTrader: 0 / 0%
I still think the default install could have been made with all the auto updates in mind, but there should at least be a choice to keep the auto update on, and be able to turn it off, if so desired.

That said, I'm going to have to wait for a future update to 3.7 so I can search for plugins for easy install. The WP forum danced all around the problem error messages I was getting (and others chimed in with this same problem too), but most who posted, agreed it's a bug and not much to do about it untill it's fixed in a future update.
 
Reply With Quote
Go Back   Webmaster Forum > Web Development > Blogging Forum

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sms Alerts Beergoggles Web Design Lobby 3 07-03-2007 10:10 AM


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 10:43 PM.
Powered by vBulletin
Copyright © 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC