We have been alerted about applications that use the root store provided by Mozilla for purposes other than what Mozilla’s root store is curated for. We provide a root store … The post "Beware of Applications Misusing Root Stores" appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2021/05/10/beware-of-applications-misusing-root-stores/
Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSLs, and server access as a whole. With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL allows you to make that transition with your website. But it can also have an unintended consequence for […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/_g9FmAupO1A/how-to-find-fix-mixed-content-issues-with-ssl-https.html
Apple patches a Gatekeeper bypass vulnerability that has been exploited in the wild on macOS. Though this vulnerability requires some social engineering to exploit, it is believed to have been actively exploited since January 9, 2021. Some Digital Ocean customers were affected by a data breach exposing personally identifiable information. A WordPress Trac conversation considers […]
More info:
https://www.wordfence.com/blog/2021/04/episode-115-update-your-mac-gatekeeper-bypass-vulnerability-exploited-in-the-wild/
On March 4, 2021, the Wordfence Threat Intelligence team initiated responsible disclosure for a Time-Based Blind SQL Injection vulnerability discovered in Spam protection, AntiSpam, FireWall by CleanTalk, a WordPress plugin installed on over 100,000 sites. This vulnerability could be used to extract sensitive information from a site’s database, including user emails and password hashes, all […]
More info:
https://www.wordfence.com/blog/2021/05/sql-injection-vulnerability-patched-in-cleantalk-antispam-plugin/
As WordPress grows, both in usage as a CMS and in participation as a community, it’s important for us to shed the idea that software creation is only about what literally can be done to code or what literally can be done to core or what literally can be done to the CMS. That was […]
More info:
https://wordpress.org/news/2021/05/the-month-in-wordpress-april-2021/
Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and reporting of vulnerabilities is […]
More info:
https://ithemes.com/wordpress-vulnerability-report-may-2021-part-1/
If you’re serious about your website’s security, then it’s time to learn about the dangers of SQL injections and how you can combat them. The term SQL injection (also called SQLi) refers to a type of cyberattack technique that is a common way for hackers to compromise websites of all kinds, including sites that run […]
More info:
https://ithemes.com/sql-injection-wordpress/
A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over […]
More info:
https://www.wordfence.com/blog/2021/05/episode-116-packagist-patch-shows-how-supply-chain-threats-could-impact-wordpress/
This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of […]
More info:
https://pagely.com/blog/wordpress-security-updates-april-2021/
Most site owners are well aware of the impact of both good and bad Search Engine Optimization (SEO). As such, monitoring how SEO affects your site is vital. In fact, there’s a simple way to keep a log of Yoast SEO changes across your entire site. We develop an activity log extension with which you can […]
More info:
https://wpactivitylog.com/keep-log-yoast-seo-changes/