Loginizer 1.3.8-1.3.9 – Unauthenticated Stored Cross-Site Scripting (XSS)


BBE Theme <= 1.52 – Direct Object Reference


ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 – Authenticated Code Execution


How To Clean A Hacked WordPress Site On Your Own

WordPress sites are sadly big targets for hacks. Their popularity is both good and bad. However, there is a grain of hope when your site is hacked. It’s happened often enough that people have put together a checklist of things that you can do to clean out the site and make it safe to use. To try and help with this, we’re going to be taking a look at what you need to do in order to clean out a WordPress site.

Check Core File Integrity

With WordPress sites, you’ll find that a lot of the core files do not […]

WP Live Chat Support <= 8.0.07 – Cross-Site Scripting (XSS)


Metronet Tag Manager <= 1.2.7 – Cross-Site Request Forgery (CSRF)


WP ULike <= 3.1 – Unauthenticated Stored XSS


GD bbPress Attachments <= 2.5 – Authenticated Stored XSS


WP User Groups <= 2.0.0 – Cross-Site Request Forgery (CSRF)


Implementing WordPress Security Keys & Salts (and Generating Your Own) in 2018

In December of 2017, Wordfence reported that 1.4 billion sets of WordPress login credentials were stolen, and a massive campaign of brute force attacks occurred shortly thereafter. With usernames and matching passwords made so readily available, it’s no surprise that hackers jumped at the chance to launch attack after attack–at its peak, 14.1 million attacks an hour–against WordPress users. Of course, that’s when WordPress admins go into defensive mode and require all users to reset and change their passwords. But is that enough? Does strict password enforcement even matter if hackers are able to uncover that information from a cracked […]