WordPress to Show Warnings on Servers Running Outdated PHP Versions

The WordPress open-source content management system, CMS, will indicate warning in its backend admin panel whenever the site is being run on an out-of-date PHP version. The plan in place is to make the warnings display for sites making use of a PHP version preceding the 5.6.x branch (<=5.6). There will be an inclusion of …

WordPress to Show Warnings on Servers Running Outdated PHP Versions Read More »

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available and it is a security release for all versions since WordPress 3.7. We strongly encourage you to update all your sites immediately. Plugin authors are also encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. Since some of the vulnerabilities covered in 5.0.1 might affect plugins. WordPress versions 5.0 and earlier are …

WordPress 5.0.1 Security Release Read More »

Vulnerability in WordPress WP GDPR Compliance plugin

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available for unauthenticated users, even unauthenticated users are able to update the database. The plugin has more than 100 000+ active installations according to WordPress.org. WPScans.com has been updated to check for this …

Vulnerability in WordPress WP GDPR Compliance plugin Read More »

WordPress 4.9.2 is now available

WordPress 4.9.2 is now available for download. This release is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your sites immediately. We also recommend using WPScans.com to scan your WordPress installation. This release contains a critical security fix for a XSS security bug in the Media Elements library …

WordPress 4.9.2 is now available Read More »

WordPress Backdoor detection

WPSec can now detect at least three different backdoored WordPress plugins. The plugins are: Duplicate Page and Post 2.1.0-2.1.1 No Follow All External Links 2.1.0-2.3.0 WP No External Links 4.2.1-4.3 We recommend that you run the free scan available at www.wpsec.com

How to sniff WordPress login credentials with Wireshark over an HTTP connection

Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3, …

How to sniff WordPress login credentials with Wireshark over an HTTP connection Read More »

New WordPress Vulnerability checks – Week 49

WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at …

New WordPress Vulnerability checks – Week 49 Read More »