Webmaster Forum

  #101 (permalink)  
Old 07-11-2016, 04:21 PM
snakeair's Avatar
Super Moderator
Latest Blog:
None

 
Join Date: 12-31-07
Location: Medford, NJ
Posts: 54,771
iTrader: 3 / 100%
All in One SEO 2.3.7 Patches Persistent XSS Vulnerability

If you are using this plugin, you need to upgrade right now.

Quote:
Semper Fi Studios, the company behind All in One SEO, a popular WordPress SEO optimization plugin that’s active on more than 1M sites, has released 2.3.7 to patch a persistent XSS security vulnerability.

According to the plugin’s changelog, 2.3.7 sanitizes the Bad Bots module referer and user agent. While it doesn’t sound significant on the surface, this vulnerability can allow anonymous users to store their payload in the WordPress dashboard by simply visiting the public site with a malformed User Agent or Referrer header.

The vulnerability was reported by David Vaartjes and lies within the Bot Blocker functionality which is used to block certain bots or search engine spiders from crawling a site.
Continued at: https://wptavern.com/all-in-one-seo-...-vulnerability
__________________
Staff @WPArena.com
 
  #102 (permalink)  
Old 08-16-2016, 10:39 PM
snakeair's Avatar
Super Moderator
SQL Injection Vulnerability in Ninja Forms

Yikes!!!

Quote:
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites.
Continued at: https://blog.sucuri.net/2016/08/sql-...nja-forms.html
  #103 (permalink)  
Old 08-16-2016, 10:41 PM
snakeair's Avatar
Super Moderator
WordPress 4.6 “Pepper”

Back up your blogs first.

Quote:
Version 4.6 of WordPress, named “Pepper” in honor of jazz baritone saxophonist Park Frederick “Pepper” Adams III, is available for download or update in your WordPress dashboard. New features in 4.6 help you to focus on the important things while feeling more at home.
Continued at: https://wordpress.org/news/2016/08/pepper/

I've upgraded with zero issues.
  #104 (permalink)  
Old 09-09-2016, 04:18 AM
HTMLBasicTutor's Avatar
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 25,336
iTrader: 5 / 100%
WordPress 4.6.1 Security and Maintenance Release

Quote:
WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress 4.6.1 Security and Maintenance Release
September 7, 2016
__________________

HTML Basic Tutor - Learn how to code for better SEO
Basic Computer Information - Computer & internet basics for website owners

SEO troubleshooting and review services available. - Pm me.
 
  #105 (permalink)  
Old 09-21-2016, 01:07 PM
HTMLBasicTutor's Avatar
Administrator
 
Neosense WordPress templates

Those that use Neosense WordPress templates should read this:
Quote:
WordPress theme publisher DynamicPress fixed a flaw Monday that let anyone upload malicious files to sites running its business-themed Neosense WordPress templates, compromise the site and possibly the server hosting it...
Continued: Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads
September 20, 2016
  #106 (permalink)  
Old 12-02-2016, 05:06 AM
snakeair's Avatar
Super Moderator
Exploited Script in WordPress Theme Sends Spam

Quote:
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins – which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code that is developed with good intentions but without taking security measures into consideration. For that reason, many people often wonder if their site is hacked when they begin receiving complaints from their users.
Continued at: https://blog.sucuri.net/2016/12/expl...send-spam.html
  #107 (permalink)  
Old 12-07-2016, 09:34 AM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.7 “Vaughan”

WordPress has updated. If your site does not auto update, it's time to go into your backend and update it:
Quote:
Version 4.7 of WordPress, named “Vaughan” in honor of legendary jazz vocalist Sarah “Sassy” Vaughan, is available for download or update in your WordPress dashboard. New features in 4.7 help you get your site set up the way you want it.
Continued: WordPress 4.7 “Vaughan”
December 6, 2016
  #108 (permalink)  
Old 01-16-2017, 09:15 AM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.7.1 Security and Maintenance Release

If you do not have your WordPress site set up to auto update (you should have gotten an email from your blog notifying you if you do), there was an update issued:
Quote:
...immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:...
WordPress 4.7.1 Security and Maintenance Release
January 11, 2017
  #109 (permalink)  
Old 01-27-2017, 07:19 AM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.7.2 Security Release

Another security release for WordPress 4.7:
Quote:
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.1 and earlier are affected by three security issues:...
WordPress 4.7.2 Security Release
January 26, 2017
  #110 (permalink)  
Old 02-04-2017, 12:30 PM
HTMLBasicTutor's Avatar
Administrator
 
WordPress Silently Fixed Privilege Escalation Vulnerability in 4.72 Update

If you haven't updated your WordPress to 4.72 yet, you better:
Quote:
WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week.

Sucuri, the firm that found the vulnerability, disclosed it Wednesday and said that if exploited, it could have let an attacker modify the content of any WordPress post or page.
WordPress Silently Fixed Privilege Escalation Vulnerability in 4.72 Update via ThreatPost
  #111 (permalink)  
Old 02-12-2017, 08:55 AM
HTMLBasicTutor's Avatar
Administrator
 
1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure

If you have not made sure your WordPress blog or site is up to date, you may end up hacked:
Quote:
Attackers have taken a liking to a content-injection vulnerability disclosed last week and patched in WordPress 4.7.2 that experts say has been exploited to deface 1.5M sites so far.

The issue has evolved into “one of the worst WordPress related vulnerabilities to emerge in some time,” researchers with WordFence, a Seattle-based firm that makes a WordPress security plugin, said Thursday...
Continued: 1.5M Unpatched WordPress Sites Hacked Following Vulnerability Disclosure
February 10, 2017
  #112 (permalink)  
Old 03-02-2017, 07:04 AM
HTMLBasicTutor's Avatar
Administrator
 
Million-Plus WordPress Sites Exposed by Vulnerable Plugin

If your WordPress installation uses the NextGEN Gallery plugin, you will want to read this:
Quote:
A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability exposing website databases to attack.

The NextGEN Gallery is a photo gallery management system used by professional photographers and artists to upload, sort and group galleries. It’s been downloaded more than 16 million times since it was developed in 2007.

Researchers at Sucuri on Monday disclosed what was characterized as a “severe SQL injection vulnerability.”...
Continued: Million-Plus WordPress Sites Exposed by Vulnerable Plugin
March 1, 2017
  #113 (permalink)  
Old 03-16-2017, 07:55 PM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.7.3 Security and Maintenance Release

As noted below, this update is a security release for all versions:
Quote:
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues...
WordPress 4.7.3 Security and Maintenance Release
March 6, 2017
  #114 (permalink)  
Old 05-05-2017, 10:44 PM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.7.4 Maintenance Release

If you do not have your WordPress site/blog set to auto update, you might have missed this:

Quote:
...This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes...
WordPress 4.7.4 Maintenance Release
April 20, 2017
  #115 (permalink)  
Old 05-05-2017, 11:21 PM
HTMLBasicTutor's Avatar
Administrator
 
Unpatched WordPress Password Reset Vulnerability Lingers

According to the article, WordPress has known about this for a while...
Quote:
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user’s password and gain access to their account.

Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of WordPress, including the latest, 4.7.4, are vulnerable, the researcher said...
Unpatched WordPress Password Reset Vulnerability Lingers
May 4, 2017
  #116 (permalink)  
Old 05-17-2017, 09:14 AM
HTMLBasicTutor's Avatar
Administrator
 
WordPress Now on HackerOne

Wonder if any of these guys will be involved in development so problems are detected before updates?
Quote:
...Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne!

HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress....
WordPress Now on HackerOne
May 15, 2017
  #117 (permalink)  
Old 05-17-2017, 09:16 AM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.7.5 Security and Maintenance Release

Another update:
Quote:
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.4 and earlier are affected by six security issues:...
WordPress 4.7.5 Security and Maintenance Release
May 16, 2017
  #118 (permalink)  
Old 06-17-2017, 07:47 PM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.8 “Evans”

If you do not have auto updates enabled on your WordPress site, there was a new update:
Quote:
Gear up for a more intuitive WordPress!

Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand...
WordPress 4.8 “Evans”
June 8, 2017
  #119 (permalink)  
Old 08-11-2017, 08:06 AM
HTMLBasicTutor's Avatar
Administrator
 
WordPress 4.8.1 Maintenance Release

Quote:
After over 13 million downloads of WordPress 4.8, we are pleased to announce the immediate availability of WordPress 4.8.1, a maintenance release.

This release contains 29 maintenance fixes and enhancements, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget. For a full list of changes, consult the release notes, the tickets closed, and the list of changes.
WordPress 4.8.1 Maintenance Release
August 2, 2017
  #120 (permalink)  
Old 08-11-2017, 08:24 AM
LMD's Avatar
Contributing Member
Latest Blog:
None

 
Join Date: 11-04-12
Location: Where my wife likes me to be. :)
Posts: 3,447
iTrader: 0 / 0%
Quote:
Originally Posted by HTMLBasicTutor
Thank God for this update - specifically for the Text Widget issue.
__________________
SEO Friendly Responsive Web Design in Stouffville / Markham
Affordable Web Design by In Front Media in York Region
 