WordPress <= 5.2.3 – Admin Referrer Validation


WordPress <= 5.2.3 – Server-Side Request Forgery (SSRF) in URL Validation


WordPress <= 5.2.3 – JSON Request Cache Poisoning


WordPress <= 5.2.3 – Stored XSS in Style Tags


WordPress <= 5.2.3 – Viewing Unauthenticated Posts


WordPress <= 5.2.3 – Stored XSS in Customizer


WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2.

Security Updates

Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject JavaScript into style tags.
Props to David Newman […]

Top 10 Website Hardening Tips

Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as “defense in depth.” Here are our top 10 virtual hardening principles:

1 – Keep your website updated

Every single piece of software required to run your application needs to be kept up to date with the latest patches and security updates. Website vulnerabilities come in all shapes and sizes, so it is important to update your CMS along with any third-party components like plugins, themes, and extensions.

Popup-Maker < 1.8.12 – Multiple Vulnerabilities


Lara Google Analytics <= 2.0.4 – Authenticated Stored XSS