Wordpress Alerts Thread - Page 3

**HTMLBasicTutor** · Share | #41 (**permalink**) 06-12-2012, 10:05 AM

Regina Smola over at WP Security Lock has posted a list of plugins with security vulnerabilities:

Quote:

There have been several reports of WordPress plugin vulnerabilities. On June 12, 2012, I did some research on plugins reported to have security issues and if they have been fixed or removed from the WordPress.org plugin repository.

Security Tip: To help keep your WordPress blog secure, I recommend the following:

If a plugin security fix is available, please update the plugin(s) immediately.

If a plugin as been removed from the WordPress plugin repository and a security fix is not yet available, delete the plugin(s) until an update is available.

WordPress Plugin Vulnerabilities and Fixes 06-12-2012

Note at the end of the list says the list will be updated as she finds more.

indybail · #42 (**permalink**) 06-13-2012, 01:54 PM

WordPress 3.4 is in the building! It's called 'Green'. Here's some details. http://wordpress.org/news/2012/06/green/

**HTMLBasicTutor** · #43 (**permalink**) 06-18-2012, 09:44 PM

Regina Smola over at WP Security Lock has another post of Wordpress security plugin vulnerabilities and fixes:

Quote:

On June 18, 2012, I did security checks on the following plugins that have been reported with security vulnerabilities.

(Unfortunately, when a plugin vulnerability is found it is posted online and can cause a mass attack on websites using the plugin.)

In an effort to help keep all self-hosted WordPress users safe, I check these daily for any new threats. The Plugins Team at WordPress.org work very quickly in disabling public downloads while working with the third-party developers to get security updates before adding them back to their repository.

For WordPress security, the plugins below have either been removed from WordPress.org pending a security update or have fixed the security vulnerability.

WordPress Security Plugin Report: Vulnerabilities and Fixes - 06-18-2012

**HTMLBasicTutor** · #44 (**permalink**) 06-22-2012, 05:09 PM

Another round of Plugin Vulerabilities and Fixes from WP Security Lock: WordPress Security Plugin Report: Vulnerabilities and Fixes - 06-22-2012

**HTMLBasicTutor** · #45 (**permalink**) 06-27-2012, 03:11 PM

June 27, 2012

Quote:

WordPress 3.4.1 is now available for download. WordPress 3.4 has been a very smooth release, and copies are flying off the shelf — 3 million downloads in two weeks! This maintenance release addresses 18 bugs with version 3.4, including:

Continued: WordPress 3.4.1 Maintenance and Security Release

**HTMLBasicTutor** · #46 (**permalink**) 09-06-2012, 04:05 PM

Quote:

WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions.

After nearly 15 million downloads since 3.4 was released not three months ago, we’ve identified and fixed a number of nagging bugs, including:

Continued: WordPress 3.4.2 Maintenance and Security Release
Wordpress Blog September 6, 2012

**HTMLBasicTutor** · #47 (**permalink**) 12-11-2012, 09:33 AM

Quote:

It’s the most wonderful time of the year: a new WordPress release is available and chock-full of goodies to delight bloggers and developers alike. We’re calling this one “Elvin” in honor of drummer Elvin Jones, who played with John Coltrane in addition to many others.

WordPress 3.5 “Elvin” - Wordpress Official Blog December 11, 2012

**HTMLBasicTutor** · #48 (**permalink**) 12-19-2012, 12:40 PM

Quote:

A WordPress pingback vulnerability has been reported that could put your site's security at risk for a distributed denial-of-service attack (DDoS) attack....
...it seems that even WordPress 3.5 is at risk. So it looks like all versions...

WordPress Security Warning: Pingback Vulnerability & Temporary Fix
December 19, 2012

**HTMLBasicTutor** · #49 (**permalink**) 01-24-2013, 03:15 PM

Quote:

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. For a full list of changes, consult the list of tickets and the changelog, which include:

Continued: WordPress 3.5.1 Maintenance and Security Release
Wordpress Development Blog January 24/13

**HTMLBasicTutor** · #50 (**permalink**) 04-24-2013, 05:22 PM

Quote:

Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins in WordPress have what we would classify a very serious vulnerability – remote code execution (RCE), a.k.a., arbitrary code execution:

Quote:

…arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. – Wikipedia

Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed