Information Leakage on multiple WordPress themes by WooThemes
David Dede This weekend there was a post on the Full disclosure list about multiple vulnerabilities on some WordPress themes by WooThemes. This is what the message…
Browsing Category
WordPress Security
672 posts
Links Injection on WordPress – Blackhat SEO Spam (basicpills) update
For the last few months we’ve been tracking a very large blackhat SEO spam campaign initiated by basicpills.com, and many other pharma-related domains (mostly located…
WordPress 3.1.3 available (security fixes)
If you are using WordPress, make sure to upgrade it now. The version 3.1.3 was just released with a few security fixes: * Various security…
WP-DBManager Security update (serious issue)
Just a quick note that if you are using the WordPress WP-DBManager plugin, make sure to update it as soon as possible. Old versions of…
Are WordPress users taking care of their security? State of Blog Security – Part I
Almost two years ago we published an article on the “state of blog security” (focused on WordPress) where we checked the percentage of blogs that…
WordPress 3.1.2 released – Security fixes
The WordPress team just released a new version of WordPress (3.1.2) to fix a security issue where contributor-level users were allowed to publish posts. It…
Automattic / WordPress hacked – Security incident
The guys from Automattic (WordPress) posted today a brief statement about a security incident that they suffered. Tough note to communicate today: Automattic had a…
Link injection on hacked WordPress sites – Blackhat SEO spam
The last few months we’ve been tracking, and helping webmasters affected by a very large blackhat SEO spam campaign initiated by basicpills.com, and many other…
WordPress 3.1.1 is available (security fixes)
There is a new version of WordPress available (3.1.1) that includes multiple security fixes. These are the changes according to WordPress.org: Some security hardening to…
APRIL FOOLS: No Serious Security Vulnerability on WordPress 3.x – Remote Command Execution
This post was not real. It was an attempt at humor, as bad as it may seem. The post has been removed, and we understand…
Database injection and lessthenaminutehandle.com – Intermediary domains
We posted a few days ago about a large scale database injection attack affecting shared hosts. The infected sites got the following javascript malware inserted…