Geo Mashup <= 1.10.3 – Unspecified Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9105

All In One Favicon 4.6 – Multiple Stored Authenticated XSS

https://wpvulndb.com/vulnerabilities/9104

Three Incident Response Preparations You Should Be Making

https://www.wordfence.com/blog/2018/07/three-incident-response-preparations-you-should-be-making/
In the context of cybersecurity, the adage “An ounce of prevention is worth a pound of cure” is a massive understatement. Make no mistake, the easiest way to handle a security incident is to prevent it from ever happening in the first place. We continually remind our readers about security best practices because the time spent implementing them is nominal

Details of an Additional File Deletion Vulnerability – Patched in WordPress 4.9.7

https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
Today WordPress released version 4.9.7, a security release which addresses two separate arbitrary file deletion vulnerabilities requiring Author privileges. Some details can be found on the WordPress.org blog. This post is Copyright 2018 Defiant, Inc. and was published on the wordfence.com official blog. The first

Maintenance/Security Update: WordPress 4.9.7

https://wpengine.com/blog/maintenance-security-update-wordpress-4-9-7/
WordPress has released a new maintenance/security update today to WordPress core: version 4.9.7. Version 4.9.7 comes with security and maintenance fixes which the WordPress core team deemed impactful enough to warrant a release. For details on this release you may reference the official blog post on WordPress.org: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/ As with all maintenance/security related updates, WordPress has …

WordPress 4.9.7 Security and Maintenance Release

https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads directory. Thank you to Slavco

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 – Unauthenticated Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9103

Making Sense of WordPress Security for Online Business Owners

https://blogvault.net/wordpress-security-for-online-business-owners/
Security is one of the most important aspects of any website, yet countless online business owners ignore this fact when they are starting out. WordPress, as the most robust, most used website engine in the world, is both the platform …

Site Reviews <= 2.15.2 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9102

Email Subscribers & Newsletters <= 3.4.12 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9101