Individuals’ security and privacy on the internet are fundamental. Living up to that principle, we are announcing the following changes to Mozilla’s Root Store Policy (MRSP) which will come into … The post Upgrading Mozilla’s Root Store Policy to Version 2.7.1 appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2021/04/26/mrsp-v-2-7-1/
An FBI initiative began remotely removing webshells from infected Microsoft Exchange servers. WordPress 5.7.1 was released with a few security patches. Over 15 Elementor add-on plugins were found to have vulnerabilities similar to those found in the main Elementor plugin; these additional plugin vulnerabilities affected over 3.5 million sites with over 100 vulnerable endpoints. […]
More info:
https://www.wordfence.com/blog/2021/04/episode-113-an-unprecedented-fbi-operation-removes-webshells-from-infected-exchange-servers/
Over the past 10 days, Wordfence has blocked over 14 million attacks targeting Privilege Escalation Vulnerabilities in The Plus Addons for Elementor Pro on over 75% of sites reporting attacks during this period. By April 13, 2021, this campaign was targeting more sites than all other campaigns put together. Number of sites attacked per day […]
More info:
https://www.wordfence.com/blog/2021/04/widespread-attacks-continue-targeting-vulnerabilities-in-the-plus-addons-for-elementor-pro/
Many people are alarmed when they notice WordPress failed login attempts on their websites. On the other hand, security and tech-savvy people do not bother much about failed login attempts. After all, every website will get its fair share of bot traffic and dictionary attacks. Does your WordPress website receive a lot of failed login attempts? […]
More info:
https://www.wpwhitesecurity.com/wordpress-failed-login-attempts/
On February 11, 2021, our Threat Intelligence team responsibly disclosed several vulnerabilities in Redirection for Contact Form 7, a WordPress plugin used by over 200,000 sites. One of these flaws made it possible for unauthenticated attackers to generate arbitrary nonces for any function. The second flaw made it possible for authenticated attackers to install arbitrary […]
More info:
https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
iThemes Security has been a well-known security plugin in the WordPress community for years. One week ago we discovered a security issue in their “Hide Backend” module, leaking the hidden login page. This bypass vulnerability has been patched in 7.9.1; update it if you’re using it. ITS (iThemes Security) < 7.9.1 suffers from a GET/POST/REQUEST bug […]
More info:
https://secupress.me/blog/ithemes-security-7-9-1-hide-backend-bypass/
If you’re concerned about cross-site scripting and how it impacts your WordPress website, you’re definitely not being paranoid. While the vulnerability of cross-site scripting, or XSS, is not exclusive to WordPress site owners, its potential negative impacts on WordPress sites are incredibly important to understand. In this guide, we’ll break down the cross-site scripting vulnerabilities […]
More info:
https://ithemes.com/cross-site-scripting-wordpress/
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. This post covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, and WordPress […]
More info:
https://ithemes.com/wordpress-vulnerability-report-april-2021-part-3/
Today, April 21, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day vulnerability that is being actively exploited in Kaswara Modern WPBakery Page Builder Addons, a premium plugin that we estimate has over 10,000 installations. This vulnerability was reported this morning to WPScan by “Robin Goodfellow.” The exploited flaw makes it possible […]
More info:
https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/
Copy by Anne McCarthy (@annezazu) and Design by Mel Choyce-Dwan (@melchoyce). In WordPress circles (whether it’s your local meetup, a trusted publication, or your networking group), you may have heard terms like Core Editor, Gutenberg, and the Block Editor used interchangeably over the last four years. And if you’re following contributor work on the project […]
More info:
https://wordpress.org/news/2021/04/become-an-early-adopter-with-the-gutenberg-plugin/