by Sarah Gooding | Apr 4, 2019 | News, pipdig, Plugins, security, Themes, Wordpress Resources
Over the weekend, Pipdig, a small commercial theme company, has been at the center of a scandal after multiple reports exposed a litany of unethical code additions to its Pipdig Power Pack (P3) plugin. On Friday, March 29, Wordfence threat analyst Mikey Veenstra...
by Sarah Gooding | Mar 2, 2019 | News, Plugins, security, Wordpress Resources
Freemius, a monetization, analytics, and marketing library for WordPress plugin and theme developers, patched an authenticated option update vulnerability in its wordpress-sdk four days ago. The library is included with many popular plugins, such as NextGEN Gallery...
by Sarah Gooding | Feb 21, 2019 | bootstrap, News, Plugins, security, Wordpress Resources
Bootstrap has released versions 4.3.1 and 3.4.1 to patch an XSS vulnerability (CVE-2019-8331) that was reported to the Bootstrap Drupal project by a developer and then responsibly disclosed to the Bootstrap development team. The vulnerability specifically affects...
by Jeff Chandler | Mar 3, 2018 | cryptography, Plugins, security, updates, Wordpress Resources
In 2016, WordFence published their findings of a vulnerability that could have compromised the servers that are used to send out WordPress updates. It turned out to be a complex, obscure vulnerability that ignited a conversation surrounding the security of...
by Sarah Gooding | Oct 3, 2017 | News, security, wordpress, Wordpress Resources, wp-cli
The WP-CLI team is initiating a new project that aims to bring checksum verification to plugins and themes. Checksums are a method of verifying the integrity of files. Three years ago, WP-CLI added the capability of verifying WordPress core checksums using the MD5...
by Sarah Gooding | Feb 14, 2017 | News, security, sucuri, wordfence, Wordpress Resources
photo credit: Code & Martini by Ivana Vasilj – cc licenseIt has been nearly two weeks since the WordPress security team disclosed an unauthenticated privilege escalation vulnerability in a REST API endpoint in 4.7 and 4.7.1. The vulnerability was patched...
