IgniteUp < 3.4.1 – Multiple Issues

https://wpvulndb.com/vulnerabilities/9943

Safe SVG < 1.9.6 – XSS Protection Bypass

https://wpvulndb.com/vulnerabilities/9942

Funnel Builder by CartFlows < 1.3.1 – Authenticated Arbitrary Plugin Activation

https://wpvulndb.com/vulnerabilities/9941

Password Policy Manager 2.0 – Multisite networks support & first time login password change

https://www.wpwhitesecurity.com/password-policy-manager-2-0/
Today we are announcing Password Policy Manager 2.0! We are very excited about this release. Finally, WordPress multisite network administrators can also enforce strong password policies. In this update we have also added the new first time login password change policy. In addition to these new features, we have added several other plugin improvements, as we highlight in these release notes. WordPress multisite network support Typically, multisite networks have many users. In most cases the network’s administrators do not even know who owns the users, and how security conscious they are. So the need to enforce strong WordPress password policies […]

5 Common WordPress Security Issues

https://ithemes.com/wordpress-security-issues/
If you own a WordPress-powered website or are considering using WordPress as your CMS, you may be concerned about potential WordPress security issues. In this post, we’ll outline a few of the most common WordPress security vulnerabilities, along with steps you can take to secure and protect your WordPress site. Is WordPress Secure? The answer to the question “is WordPress secure?” is it depends. WordPress itself is very secure as long as WordPress security best practices are followed. According to the latest usage of content management systems data from W3Techs, WordPress powers 34% of all websites. So WordPress security vulnerabilities […]

Tidio Live Chat <= 4.1.0 CSRF to Stored XSS

https://wpvulndb.com/vulnerabilities/9938

Safe SVG <= 1.9.4 – Denial of Service

https://wpvulndb.com/vulnerabilities/9937

WP-VCD: The Malware You Installed On Your Own Site

https://www.wordfence.com/blog/2019/11/wp-vcd-the-malware-you-install-on-your-own-sites/
One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the campaign shows no signs of slowing down. In today’s post, we are publishing a comprehensive whitepaper analyzing WP-VCD. This whitepaper contains the full details of our research efforts into this prevalent campaign. It is intended as a resource for threat analysts, security researchers, WordPress developers […]

Currency Switcher for Woocommerce < 2.11.2 – Security Restrictions Bypass

https://wpvulndb.com/vulnerabilities/9936

How to Protect Your WordPress Site from Getting Hacked

https://bitofwp.com/security/howto-protect-wordpress-from-being-hacked/
There is nothing scarier than your WordPress site being compromised and feeling helpless, not knowing what to do to protect your WordPress site from hackers. It takes a toll on your business, your revenue, your brand’s reputation and you even lose your sleep over it. Since WordPress Security is always on our mind, here is a useful list of the 20 steps you need to take to protect your WordPress site from hackers. How can you prevent your WordPress site from continually getting hacked? Here is a useful top 20 list of all the things you need to do […]