Security Alert: WordPress 5.1.1 security release

WordPress security updates

As of March 12th 2019, WordPress 5.1.1 is available. This is a security and maintenance release, meaning that it patches some security issues. Details of the vulnerabilities are limited in the release notes, but if you’re running a WordPress site you should check that your site is updated to the latest release to make sure …


WordPress 4.9.2 security release & YITH Wishlist vulnerability


On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no …


WordPress patches 4 new security issues


All versions of WordPress 3.7 onwards have been patched to fix four new security vulnerabilities. As reported in the security and maintenance release notes for v4.9.1, the following fixes have been implemented in the latest security release: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the …


Vulnerability found in popular WordPress SEO plugin Yoast


This week, the WordPress security plugin Wordfence reported on security vulnerabilities in three WordPress plugins, including one in the very popular SEO plugin, Yoast SEO. If you use Yoast SEO on your WordPress site and haven’t upgraded to version 5.8.0, you are advised to do so immediately. If you’re running Wordfence then you’re already protected, but …


WordPress 4.8.3 security release


WordPress, the popular web platform, has today released a security update to some of its files to prevent an SQL injection vulnerability. According to the WordPress release post, all prior versions of WordPress “are affected by an issue [which] can create unexpected and unsafe queries leading to potential SQL injection (SQLi).” The WordPress core doesn’t appear to …


Security update to WordPress (4.8.2)


Yesterday, WordPress issued an update to its core. This is a security release, so you’re strongly advised to update immediately if you’re running WordPress. According to the release notes for v4.8, it fixes 9 security vulnerabilities in version 4.8.1 and earlier. Check that you’re running on the latest version by logging into your WordPress dashboard – …


Wordfence reports increase in TrafficTrade malware infection caused by theme


WordPress security experts Wordfence are reporting a “significant increase in the number of WordPress websites hit by an infection [they’re] calling TrafficTrade.” Wordfence says there seem to be two routes to infection. A small number are caused by a redundant searchreplacedb2.php script (which they reported as an issue a few weeks back). The bulk of infections, though, are …


WordPress 4.7.5 Security Release


Overnight, WordPress released a security update to the WordPress core. This means there’s a new version of WordPress that fixes some known issues with the previous release. WordPress 4.7.5 (and other lower version derivatives) patches six security vulnerabilities according to the release notes; Wordfence suggests that the suddenness of the release could mean it patches much …
