Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Simple Events Calendar
While looking in to what turned out be a false report of a vulnerability in the plugin Simple Events Calendar, we noticed there is a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in the plugin. When the plugin’s admin page is requested, the function that generates that page checks if a new event has been submitted with the request using the

Black Friday & Cyber Monday 2017 WordPress Deals
Below is a list of promotional codes and promotions our business partners are running this year for the Black Friday and Cyber Monday weekend. Note: We only endorse and promote products we use ourselves to run our WordPress websites. WP Security Audit Log Plugin The WP Security Audit Log is WordPress’ most comprehensive and popular WordPress audit trail plugin. Offer:

Best Black Friday Deals 2017
Best Deals Ever SecuPress – WordPress Security Plugin SecuPress is a WordPress Security Plugin like no other, the first special thing is about its scanner that will test your installation to give you a grade that indicates a level of security of your website.Then – and again like no other – the 4 steps wizard will guide you through

Our Plugin Security Checker Can Now Check WordPress Plugins Not in the Plugin Directory
We are currently waiting on several plugins to have security issues identified in part based on the results of our recently introduced tool for doing limited automated security checks of WordPress plugins to be fixed to be able to discuss real world examples of how the tool can be play a useful role in checking on the security of plugins. One

WordPress Plugin Security Review: Nav Menu Roles
For our fifteenth security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin Nav Menu Roles. If you are not yet a customer of the service you can currently sign up for the service for half off and then start suggesting and voting on plugins to get security reviews. For those already using the service that haven’t already

The Benefits of Installing a WordPress Multisite from BlogVault
A content management powerhouse, WordPress has excellent plugins and incredible themes to offer. At present “WordPress Multisite” is one add-on to why the users should love the WordPress. Multisite is exceptionally valuable and most likely important, for the individuals who need to make comparable edits or upload content onto a few locales of a network immediately.   Showing

Wordfence’s Idea of Keeping “site owners safe from exploitation” Actually Puts Them At Risk
When it comes to improving the poor state of security, what can be seen over and over is that the focus needs to be on the basics. Take for instance the widely covered breach of Equifax, which was a situation where simply keeping their software up to date would have prevented the breach from happening. But the security industry isn’t

The Developers of WordPress Security Plugins Should Be Setting the Example of Good Security Practices
Recently someone left a negative review of the companion plugin for our service, which seemed more like it was just someone looking to bash us than a legitimate review of the plugin (based on another review of theirs they are a paying customer of Wordfence, which explains a lot). The reviewer didn’t even seem to be all that aware of

Vulnerability Details: Information Disclosure Vulnerability in ProfileGrid
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. Last week we discussed that checking for usage of outdated third-party libraries is difficult when

Vulnerabilities in Formidable Forms, Duplicator and Yoast SEO Plugins
This entry was posted in Vulnerabilities, WordPress Security on November 16, 2017 by Mark Maunder   0 Replies Vulnerabilities have been reported in the Formidable Forms, Duplicator and Yoast SEO WordPress plugins. The Premium version of Wordfence protects against all of these vulnerabilities, even if you have not updated your plugins yet. We do recommend that you update immediately, whether