A new security and maintenance WordPress-release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. This new version has version number 6.0.2. Because this release contains security fixes, it is recommended that you update all your sites immediately. All versions since WordPress 3.7 have also been updated. If you have […]
WordPress 6.0.2 Security and Maintenance Release Read More »
Author: Devansh Bordia WordPress is the world’s most popular content management platform, used on 45% of websites. This also makes it an attractive target for malicious attackers! In 2021, more than 1.5 million WordPress websites were compromised. In this article, we will cover many ways that your WordPress instance may be attacked, and how to
Best Practices for Securing Your WordPress Site Read More »
While WordPress core is well-tested and widely used, it allows plugins to be installed. Those plugins can be developed by, well, anyone! They enable many significant enhancements to the core platform but also have the potential to compromise the security of the entire website, even when they are not activated. This begs the question, as
Security in WordPress plugin development Read More »
Author: Duncan Jepson 22% of compromised WordPress websites occurred via vulnerabilities in their installed plugins. This was a staggering statistic to me when I first heard it. Because of this, I decided to take a bit of a dive into researching WordPress plugins and their vulnerabilities. From a defensive position, you should clearly understand the
Enumerating WordPress Plugins at Scale Read More »
The WPSec team couldn’t miss such an important event as WordCamp Europe 2022. We are very excited to share the experience of this event, which will take place in the city of Porto (Portugal) between June 2 and 4, 2022. What is a WordCamp? A WordCamp is an annual community event around the free software
Meet the WPSec team at the WordCamp Europe 2022 Read More »
Author: Luke (@hakluke) Stephens It always blows me away to think that WordPress runs 43% of all websites, including those without a content management system (CMS) 🤯. A single open source project is responsible for such a huge part of the internet! It’s interesting to think about what might happen if a severe vulnerability was
Discovering Vulnerabilities in WordPress Plugins at Scale Read More »
Do you have a blog, an e-mail list or a successful YouTube channel but don’t know how to monetize it? Would you like to join forces with us and be part of a thrilling journey? If that’s you, WPSec’s Affiliate Program is exactly what you’ve been waiting for. Our team is always looking to find
Ready to make money? Discover WPSec’s affiliate program! Read More »
PyShell is new tool made for bug bounty, ethical hacking, penetration testers or red-teamers. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language
Backdooring WordPress using PyShell Read More »
I have many years of working with clients and one of the most common concerns that comes up after putting security in place is regarding the startling number of how many baddies are constantly attacking their site, especially on WordPress. Over the years, I’ve been asked dozens of times questions like: “I see hundreds of
A new vulnerability has been discovered in the popular plugin UpdraftPlus. The plugin has more than 3 millon active installations currently and the vulnerability has a CVE identifier reserved as CVE-2022-23303. The developers behind updraftplus has made an announcement: “an update was pushed to Premium users within the hour”. Marc-Alexandre Montpas the cyber security researcher
UpdraftPlus WordPress plugin vulnerability Read More »