WordPress 2.3.0-4.7.4 – Authenticated SQL injection

https://wpvulndb.com/vulnerabilities/8906

WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection

https://wpvulndb.com/vulnerabilities/8905

SQL Shortcode <= 1.1 – Authenticated SQL Execution

https://wpvulndb.com/vulnerabilities/8904

WP Like Post <= 1.5.2 – Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/8903

Vuln: WordPress Prior to 4.8.2 Multiple Input Validation Security Vulnerabilities

http://www.securityfocus.com/bid/100912

WordPress Security Update 4.8.2 – Update Immediately

https://www.wordfence.com/blog/2017/09/wordpress-security-update-4-8-2/
This entry was posted in WordPress Security on September 19, 2017 by Mark Maunder. WordPress Core version 4.8.2 has just been released. This is a minor update and a security release, which means that your sites will update automatically within the next 24 hours unless you have disabled auto updates. The update includes a fix to $wpdb->prepare()

WordPress 4.8.2 Security and Maintenance Release

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening

Vulnerability Details: Media Editing Vulnerability in MediaPress

https://www.pluginvulnerabilities.com/2017/09/19/vulnerability-details-media-editing-vulnerability-in-mediapress/
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. We sometimes see people complaining that the information needed to exploit a WordPress plugin

Authenticated Information Disclosure Vulnerability in Share Drafts Publicly

https://www.pluginvulnerabilities.com/2017/09/19/authenticated-information-disclosure-vulnerability-in-share-drafts-publicly/
The changelog entry for version 1.1.4 of Share Drafts Publicly is “Added security enhancements.”. In looking over that we found a change was made to fix a cross-site request forgery (CSRF) vulnerability that existed with AJAX functionality to share a draft of a post or page publicly. The exploitability of that is limited since an attacker that causes a draft to be

Staying Ahead of WordPress Attackers with the Real-Time IP Blacklist

https://www.wordfence.com/blog/2017/09/real-time-ip-blacklist-stats/
This entry was posted in Wordfence, WordPress Security on September 19, 2017 by Dan Moen. WordPress sites are under constant attack by criminals around the world. It is unnerving to see them at work, looking for security vulnerabilities to exploit and trying thousands of passwords. And when they are successful, they inflict pain in the form of