Building on the robust infrastructure of WordPress 5.1, another release is in the offing at the end of this month. Perhaps the most crucial thing to note with the new update – WordPress 5.2 – is that all users would have to upgrade their version of PHP to PHP 5.6.20.   Following the release of WordPress 5.1, many users have taken the plunge, updating to more recent PHP versions. So you just might fancy doing same if you’ve not done that to prevent losing out on the latest features to follow WordPress 5.2.  If you’re thinking a manual WordPress update, well that wouldn’t work too. Presently, WordPress recommends that users upgrade to its recommended version – PHP 7.3 And it’s[…]

It has been reported by W3Techs that about one-third of the top ten million sites on the web is powered by WordPress. The WordPress market share has experienced tremendous steady growth in the last few years. There has been an increase from 29.9% to 33.4% within a year. That is a great improvement. The state of things here is quite exciting. We were happy when we first saw 50,000 downloads in 2005, and in January 2011, the project reached another milestone whereby 13.1% of websites were being powered by WordPress. And now, a new record has been set as WordPress is powering 33.4% of the sites. The most recent release, which came out on 21st of February, has been downloaded[…]

The WordPress open-source content management system, CMS, will indicate warning in its backend admin panel whenever the site is being run on an out-of-date PHP version. The plan in place is to make the warnings display for sites making use of a PHP version preceding the 5.6.x branch (<=5.6). There will be an inclusion of a link within the warnings; the link will lead to a WordPress support page containing information that sites owners can follow to update the PHP version in their servers. However, if the owners of the sites are using tightly-controlled web hosting environments to run their WordPress portals, then the web host will be presented with the opportunity of altering this link with a custom URL[…]

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to update the database. The plugin has more than 100 000+ active installations according to WordPress.org. WPScans.com has been updated to check for this vulnerability, run your free scan today.

Except for the “Try Gutenberg” callout in the just released WordPress version 4.9.8 there are a ton of privacy fixes. The 4.9.8 WordPress release includes a total of 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools that were added in 4.9.6. Some of the privacy fixes include: The type of request being confirmed is now included in the subject line for all privacy confirmation emails. Improved consistency with site name being used for privacy emails in multisite. Pagination for Privacy request admin screens can now be adjusted. Increased the test coverage for several core privacy functions. I think this is a small step but in the right direction for the WordPress community. Privacy[…]

The following new vulnerability checks has been added to WPScans.com: Custom Permalinks <= 1.1 – Authenticated SQL Injection Custom Permalinks <= 1.1 – Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.66 – Cross-Site Scripting (XSS) WP Fastest Cache <= 0.8.7.4 – Blind SQL Injection WooCommerce <= 3.2.3 – Authenticated PHP Object Injection Ninja Forms <= 3.2.13 – Cross-Site Scripting (XSS) Swape Theme – Authentication Bypass and Stored XSS flickrRSS <= 5.3.1 – XSS and CSRF Instagram Feed <= 1.5.1 – Cross-Site Scripting (XSS) Run your free scan at WPScans.com >

WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at wpscans.com

You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:

The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – Backdoored Pinfinity Theme <= 1.9.2 – Reflected Cross-site Scripting (XSS) SmokeSignal <= 1.2.6 – Authenticated Stored XSS WP Like Post <= 1.5.2 – Authenticated SQL Injection SQL Shortcode <= 1.1 – Authenticated SQL Execution WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection Responsive Image Gallery, Gallery Album <= 1.2.0 – Authenticated SQL Injection VaultPress 1.89-1.9 – Unauthenticated RCE Content Audit <= 1.9.1 – Cross-Site Scripting (XSS)[…]