New WordPress plugin and theme vulnerabilities were disclosed during the second half of November. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-november-2020-part-2/
When it comes to annoying website errors, not many are more irritating to your visitors than 404 error pages. In most cases, your visitor will have clicked through from either a search result or an internal link placed on another page or post, only to find that there’s nothing there. For potential customers visiting your […]
More info:
https://wpactivitylog.com/keep-log-404-errors-wordpress/
Intel SSD vulnerabilities CVE-2020-0584, CVE-2020-12309, CVE-2020-12310, CVE-2020-12311 Security Advisory Security Advisory Description CVE-2020-0584 Buffer overflow in firmware for Intel(R) SSD ...
More info:
https://support.f5.com/csp/article/K55539088?utm_source=f5support&utm_medium=RSS
The BIG-IP DNS/GTM system may be exposed to DNS hijacking when the BIG-IP system host name belongs to a public domain name that the BIG-IP owner does not control Security Advisory Security ...
More info:
https://support.f5.com/csp/article/K32518458?utm_source=f5support&utm_medium=RSS
Linux kernel vulnerabilities CVE-2020-8694 and CVE-2020-8695 Security Advisory Security Advisory Description CVE-2020-8694 Insufficient access control in the Linux kernel driver for some Intel(R) ...
More info:
https://support.f5.com/csp/article/K32512431?utm_source=f5support&utm_medium=RSS
PHP 8.0 is set to be released on November 26, 2020. As the programming language powering WordPress sites, PHP’s latest version offers new features that developers will find useful and improvements that promise to greatly enhance security and performance in the long run. It also fully removes a number of previously deprecated functions. PHP 8 […]
More info:
https://www.wordfence.com/blog/2020/11/php-8-what-wordpress-users-need-to-know/
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search engines or blacklists. This is by design — attackers intentionally try to prevent detection by arranging injected links so they are not visible to average human traffic. One of the […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/Mxq_Tmz0Fmw/hidden-seo-spam-link-injections-on-wordpress-sites.html
Two hosting providers experienced outages this week. GoDaddy had a brief outage affecting numerous systems on Tuesday, November 17. Managed.com had an extensive outage due to ransomware that affected all systems. We discuss what types of incident response preparations site owners should consider when events beyond their control occur. We also discuss a large-scale attack […]
More info:
https://www.wordfence.com/blog/2020/11/episode-96-hosting-provider-failures-and-incident-response-preparedness/
The BIG-IP HTTP parser can incorrectly parse a tab character Security Advisory Security Advisory Description When scanning a URI, the HTTP parser on the BIG-IP system may periodically treat a tab ...
More info:
https://support.f5.com/csp/article/K18263026?utm_source=f5support&utm_medium=RSS
Today, we’re pleased to announce that all customers of Wordfence site cleaning services receive an annual clean site guarantee. If your site is compromised again after our team has cleaned and secured your WordPress site, we’ll clean it again for free. Additionally, we’re expanding our Security Services Team coverage to 24/7 effective immediately. The Wordfence […]
More info:
https://www.wordfence.com/blog/2020/11/wordfence-site-cleaning-guarantee-extended-to-1-year/
