Loginizer 1.3.8-1.3.9 – Unauthenticated Stored Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9088

BBE Theme <= 1.52 – Direct Object Reference

https://wpvulndb.com/vulnerabilities/9087

ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 – Authenticated Code Execution

https://wpvulndb.com/vulnerabilities/9086

How To Clean A Hacked WordPress Site On Your Own

https://blog.threatpress.com/clean-hacked-wordpress-site/
WordPress sites are sadly big targets for hacks. Their popularity is both good and bad. However, there is a grain of hope when your site is hacked. It’s happened often enough that people have put together a checklist of things that you can do to clean out the site and make it safe to use. To try and help with this, we’re going to be taking a look at what you need to do in order to clean out a WordPress site.

Check Core File Integrity

With WordPress sites, you’ll find that a lot of the core files do not […]

WP Live Chat Support <= 8.0.07 – Cross-Site Scripting (XSS)

https://wpvulndb.com/vulnerabilities/9085

Metronet Tag Manager <= 1.2.7 – Cross-Site Request Forgery (CSRF)

https://wpvulndb.com/vulnerabilities/9084

WP ULike <= 3.1 – Unauthenticated Stored XSS

https://wpvulndb.com/vulnerabilities/9083

GD bbPress Attachments <= 2.5 – Authenticated Stored XSS

https://wpvulndb.com/vulnerabilities/9082

WP User Groups <= 2.0.0 – Cross-Site Request Forgery (CSRF)

https://wpvulndb.com/vulnerabilities/9081

Implementing WordPress Security Keys & Salts (and Generating Your Own) in 2018

https://wpbuffs.com/wordpress-security-keys-salts/
In December of 2017, Wordfence reported that 1.4 billion sets of WordPress login credentials were stolen, and a massive campaign of brute force attacks occurred shortly thereafter. With usernames and matching passwords made so readily available, it’s no surprise that hackers jumped at the chance to launch attack after attack–at its peak, 14.1 million attacks an hour–against WordPress users. Of course, that’s when WordPress admins go into defensive mode and require all users to reset and change their passwords. But is that enough? Does strict password enforcement even matter if hackers are able to uncover that information from a cracked […]