Webmaster Forum

Go Back   Webmaster Forum > Web Development > Blogging Forum

Blogging Forum Discuss general blogging issues here - design, integration, posting, trackbacks, ETC. Also discuss blogs you like.


Reply
 
Thread Tools Display Modes
Share |
  #81  
Old 03-11-2015, 04:33 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
Popular WordPress Plugin ‘SEO by Yoast’ Vulnerable To Hackers

Those of you using Yoast's SEO plugin might want to read this:
Quote:
Hacker News reports that a vulnerability affecting millions of users has been found in industry leading WordPress plugin SEO by Yoast.

According to an advisory, all versions of SEO by Yoast prior to 1.7.3.3 are vulnerable to Blind SQL Injection web application flaw. This is considered a critical vulnerability due to the fact that it could seriously compromise your WordPress site.
Continued: WordPress Plugin ‘SEO by Yoast’ Vulnerable To Hackers
 
Reply With Quote

Advertisement

Advertisement

  #82  
Old 03-11-2015, 04:43 PM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,772
iTrader: 0 / 0%
Makes me glad I chose not to use this plugin.
 
Reply With Quote
  #83  
Old 03-11-2015, 05:03 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
Quote:
Originally Posted by LMD View Post
Makes me glad I chose not to use this plugin.
Me too!
 
Reply With Quote
  #84  
Old 04-22-2015, 01:29 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.1.2 Security Release

You may not want to rely on Wordpress' auto update feature for this one:
Quote:
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.

We also fixed three other security issues
WordPress 4.1.2 Security Release - Wordpress.org Official Blog
April 21, 2015
 
Reply With Quote
  #85  
Old 04-23-2015, 12:26 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.2 “Powell”

Quote:
Version 4.2 of WordPress, named “Powell” in honor of jazz pianist Bud Powell, is available for download or update in your WordPress dashboard. New features in 4.2 help you communicate and share, globally.
Announcement continued: WordPress 4.2 “Powell”
April 23, 2015
 
Reply With Quote
  #86  
Old 04-28-2015, 12:35 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.2.1 Security Release

Quote:
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.
Continued: WordPress 4.2.1 Security Release
April 27, 2015
 
Reply With Quote
  #87  
Old 05-06-2015, 09:14 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.2.2 Security and Maintenance Release

Quote:
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
Wordpress announcement continued: WordPress 4.2.2 Security and Maintenance Release
May 7, 2015
 
Reply With Quote
  #88  
Old 07-04-2015, 11:21 AM
clippittee's Avatar
clippittee clippittee is offline
Junior Member
 
Join Date: 04-23-15
Posts: 7
iTrader: 0 / 0%
Hi, before I upgrade to 4.2.2, can someone confirm that this is working with no issues?
 
Reply With Quote
  #89  
Old 07-04-2015, 11:47 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
I have not had any issues but it depends on what plugins you have installed.
 
Reply With Quote
  #90  
Old 07-23-2015, 08:29 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.2.3 Security and Maintenance Release

Some of you might have received a notice your Wordpress installation has been upgraded, if not:
Quote:
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team.
Continued: WordPress 4.2.3 Security and Maintenance Release
July 23, 2015
 
Reply With Quote
  #91  
Old 08-08-2015, 12:56 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.2.4 Security and Maintenance Release

Quote:
WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.
August 4, 2015
WordPress 4.2.4 Security and Maintenance Release
 
Reply With Quote
  #92  
Old 08-18-2015, 09:32 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.3 “Billie”

Quote:
Version 4.3 of WordPress, named “Billie” in honor of jazz singer Billie Holiday, is available for download or update in your WordPress dashboard. New features in 4.3 make it even easier to format your content and customize your site.
WordPress 4.3 “Billie”
August 18, 2015
 
Reply With Quote
  #93  
Old 09-16-2015, 06:41 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.3.1 Security and Maintenance Release

Quote:
WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.
Continued: WordPress 4.3.1 Security and Maintenance Release
September 15, 2015
 
Reply With Quote
  #94  
Old 01-07-2016, 07:25 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.4.1 Security and Maintenance Release

Quote:
WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L.

There were also several non-security bug fixes
Continued: WordPress 4.4.1 Security and Maintenance Release
January 6, 2016
 
Reply With Quote
  #95  
Old 02-03-2016, 12:24 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.4.2 Security and Maintenance Release

Quote:
WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar.
Continued: WordPress 4.4.2 Security and Maintenance Release
February 2, 2016
 
Reply With Quote
  #96  
Old 04-27-2016, 01:54 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.5.1 Maintenance Release

Quote:
This release fixes 12 bugs, chief among them a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads. This maintenance release fixes a total of 12 bugs in Version 4.5. For more information, see the release notes or consult the list of changes.
WordPress 4.5.1 Maintenance Release
 
Reply With Quote
  #97  
Old 05-07-2016, 08:27 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.5.2 Security Release

Quote:
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues...
Continued: WordPress 4.5.2 Security Release
May 6, 2016
 
Reply With Quote
  #98  
Old 05-11-2016, 09:08 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
Warning: Vulnerability discovered in Yoast SEO WordPress plugin

Users of the Yoast SEO Wordpress plugin need to update.
Quote:
WordPress and Yoast SEO users: If you do not have the most recent version of the Yoast SEO plugin, grab it now. Last Friday, it was discovered that Yoast SEO versions 3.2.4 and earlier would allow anyone who has “subscriber” level access to your WordPress site to download your Yoast SEO settings.

What this means is that it would be easy for someone to get into open sites to access your potentially confidential SEO settings just by creating an account and exploiting the vulnerability....
Warning: Vulnerability discovered in Yoast SEO WordPress plugin
May 10, 2016
 
Reply With Quote
  #99  
Old 06-02-2016, 12:08 AM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
Why You Need To Update Your Jetpack Plug-In Right Now

If you don't visit the backend of your Wordpress site regularly to see plug-in updates and use Jetpack, you need too...

Quote:
It is a warning to all WordPress users: update your Jetpack plug-in right now to protect your site from a huge security breach. CSO Online reports that the popular plug-in has a flaw that could make your site vulnerable to attacks.

Many are using Jetpack as a free tool for website optimization, management, and security features. With more than a million active installation, web security firm Sucuri is warning users about its findings. It claims to have found a stored cross-site scripting (XSS) vulnerability. All Jetpack released since 2012 are vulnerable and should be updated immediately.
Why You Need To Update Your Jetpack Plug-In Right Now
 
Reply With Quote
  #100  
Old 06-21-2016, 11:55 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,700
iTrader: 5 / 100%
WordPress 4.5.3 Maintenance and Security Release

Quote:
WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security team and by Dan Moen; oEmbed denial of service reported by Jennifer Dodd from Automattic; unauthorized category removal from a post, reported by David Herrera from Alley Interactive; password change via stolen cookie, reported by Michael Adams from the WordPress security team; and some less secure sanitize_file_name edge cases reported by Peter Westwood of the WordPress security team.
Continued: WordPress 4.5.3 Maintenance and Security Release
 
Reply With Quote
Go Back   Webmaster Forum > Web Development > Blogging Forum

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sms Alerts Beergoggles Web Design Lobby 3 07-03-2007 10:10 AM


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 08:23 PM.
Powered by vBulletin
Copyright © 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC