WordPress 2.3.0-4.7.4 – Authenticated SQL injection


WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection


SQL Shortcode <= 1.1 – Authenticated SQL Execution


WP Like Post <= 1.5.2 – Authenticated SQL Injection


Vuln: WordPress Prior to 4.8.2 Multiple Input Validation Security Vulnerabilities


WordPress Security Update 4.8.2 – Update Immediately

This entry was posted in WordPress Security on September 19, 2017 by Mark Maunder. WordPress Core version 4.8.2 has just been released. This is a minor update and a security release, which means that your sites will update automatically within the next 24 hours unless you have disabled auto updates. The update includes a fix to $wpdb->prepare()

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening

Vulnerability Details: Media Editing Vulnerability in MediaPress

From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability, and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. We sometimes see people complaining that the information needed to exploit a WordPress plugin

Authenticated Information Disclosure Vulnerability in Share Drafts Publicly

The changelog entry for version 1.1.4 of Share Drafts Publicly is “Added security enhancements.” In looking over that, we found a change was made to fix a cross-site request forgery (CSRF) vulnerability that existed with AJAX functionality to share a draft of a post or page publicly. The exploitability of that is limited since an attacker that causes a draft to be

Staying Ahead of WordPress Attackers with the Real-Time IP Blacklist

This entry was posted in Wordfence, WordPress Security on September 19, 2017 by Dan Moen. WordPress sites are under constant attack by criminals around the world. It is unnerving to see them at work, looking for security vulnerabilities to exploit and trying thousands of passwords. And when they are successful, they inflict pain in the form of