Webmaster Forum

  #141  
Old 07-05-2019, 05:24 PM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,675
iTrader: 5 / 100%
WordPress Plugin WP Statistics Patches XSS Flaw

If you are using the WP Statistics plugin you better check this article out:
Quote:
A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.

WordPress plugin WP Statistics has patched a cross-site scripting (XSS) vulnerability that could allow for full website takeover, if the website is operating under certain non-default settings....
Continued: WordPress Plugin WP Statistics Patches XSS Flaw
 

  #142  
Old 07-24-2019, 06:22 AM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign

Read this article to see if your plugin(s) are affected:
Quote:
An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.


A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages.

Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with the vulnerable plugins in order to display unwanted popup ads, as well as redirect site visitors to tech support scam pages, malicious Android APKs and sketchy pharmaceutical ads...
WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign
July 23, 2019
 
  #143  
Old 08-07-2019, 06:39 AM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Cryptolocking WordPress Plugin Locks Up Blog Posts

If you are using a plugin called WP Security better read this:
Quote:
A new type of malicious plugin has been spotted in the wild with the capability of targeting individual blog posts.

A malicious WordPress plugin ironically called WP Security has been spotted in the wild encrypting blog posts and rendering the content unreadable. It’s capable of targeting individual posts — an unusual behavior, according to researchers.

According to analysis from Sucuri, the plugin obtains a list of all of the posts within the system and encrypts them with keys, using the AES-256-CBC encryption standard and the openssl_encrypt function. The posts are encrypted inside the database. Only the actual post content is encrypted and everything else related to the site is untouched. A log file is then generated with a list of the encrypted posts...
Continued: Cryptolocking WordPress Plugin Locks Up Blog Posts
August 6, 2019
 
  #144  
Old 08-23-2019, 04:29 PM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
WordPress Plugins Exploited in Ongoing Attack, Researchers Warn

Read this article to check which of your WordPress plugins might be affected:
Quote:
Researchers are warning of an ongoing campaign exploiting vulnerabilities in a slew of WordPress plugins. The campaign is redirecting traffic from victims’ websites to a number of potentially harmful locations.

Impacted by the campaign is a plugin called Simple 301 Redirects – Addon – Bulk Uploader as well as several plugins made by developer NicDark (now rebranded as “Endreww”). All plugins have updates available resolving the vulnerabilities – but researchers in a Friday post warned that WordPress users should update as soon as possible to avoid attack...
WordPress Plugins Exploited in Ongoing Attack, Researchers Warn
August 23, 2019
 
  #145  
Old 09-05-2019, 05:54 AM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
5.2.3 Security and Maintenance Release

If you do not have WordPress set up to automatically update you will want to install this update:
Quote:
WordPress 5.2.3 is now available!

This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade.

If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you.
Continued: WordPress 5.2.3 Security and Maintenance Release
September 5, 2019
 
  #146  
Old 09-14-2019, 09:57 AM
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
WordPress XSS Bug Allows Drive-By Code Execution

If you are using the Gutenberg editor in your WordPress site you need to read this:
Quote:
A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis.

The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that Gutenberg fails to filter a post’s JavaScript/HTML code if there’s a “Shortcode” error message.

Shortcodes are essentially shortcuts that WordPress users can utilize to embed files or create objects that would normally require more complex code to accomplish. Shortcode blocks can be added to a page by clicking on the “Add Block button” inside the Gutenberg editor...
Continued: WordPress XSS Bug Allows Drive-By Code Execution
September 13, 2019
 