New in Wordfence 6.3.11: Abandoned and Removed Plugin Alerts

https://www.wordfence.com/blog/2017/06/abandoned-removed-plugin-alerts/

This entry was posted in Wordfence, WordPress Security on June 20, 2017 by Dan Moen

On Thursday of last week, we released Wordfence 6.3.11, which included a really exciting new feature: we are now alerting you if you are running a plugin that either appears to be abandoned or has been removed from the WordPress.org plugin directory.

Powered by WPeMatico


Making Changes to Fix Claimed Vulnerabilities in WordPress Plugins Can Have a Negative Impact

https://www.pluginvulnerabilities.com/2017/06/19/making-changes-to-fix-claimed-vulnerabilities-in-wordpress-plugins-can-have-a-negative-impact/

Fairly regularly we have found that reports of vulnerabilities in WordPress plugins turn out to be false. That doesn’t always stop developers from making changes to fix them as if they really existed (at the same time developers often don’t fix real vulnerabilities). In many cases the change improves the plugin as the change doesn’t fix a vulnerability, but what


Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Multi Feed Reader

https://www.pluginvulnerabilities.com/2017/06/19/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-multi-feed-reader/

Recently a report was released claiming that a SQL injection vulnerability had been fixed in the latest version of the plugin Multi Feed Reader. In checking into that we found that while the change made in that version improved security, it looked like there may not have actually been a vulnerability in the code before. While looking into that report we
