An astounding 1.5 million pages from WordPress were defaced by hackers in 2017. Two disastrous security threats called Specter and Meltdown were found at the beginning of the year 2018. Almost all computer chips manufactured in the past twenty years were thought to be affected. In the past, security breaches like these were common. This […]
Blog
Plugin Vulnerability: Download Plugins and Themes from Dashboard
The plugin ‘Download Plugins and Themes from Dashboard’ (https://wordpress.org/plugins/download-plugins-dashboard/) , a plugin that lets you download installed plugins and themes ZIP files directly from your admin dashboard without using FTP with 10,000+ installs has been identified to have multiple security flaws in version less than 1.6. NinTechNet discovered a multiple security issues within the Download […]
Plugin Vulnerability: Theme Editor
The plugin Theme Editor (https://en-gb.wordpress.org/plugins/visualizer/) , a plugin that allows you to edit theme files, create folders and more with 30,000+ installs has been identified to have multiple security flaws in version 2.1 and lower. These vulnerabilities were reported by WebArxSecurity (and details can be found here https://www.webarxsecurity.com/wordpress-theme-editor-plugin-multiple-vulnerabilities/. The author release a fixed version (2.2) […]
Plugin Vulnerability: Visualizer
The plugin Visulalizer (https://en-gb.wordpress.org/plugins/visualizer/) , a tables and charts management plugin with over 40,000 installs has been identified to have a security weakness in versions less than 3.3.1 by security researcher Nathan Davidon ( https://nathandavison.com/ ). The plugin developers released an update yesterday including a fix. Recommendation Our recommendation is to immediately update to version […]
Plugin Vulnerability: Rich Reviews
The plugin Rich Reviews (https://en-gb.wordpress.org/plugins/rich-reviews/) has been closed on the WordPress repository since March 2019 for security issues. However security researchers at WordFence ( https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/) have reported that this vulnerability is being exploited in the wild. Recommendation Our recommendation is to immediately remove the Rich Reviews plugin and find an alternative. Users of FullWorks Security […]
Plugin Vulnerability: Delucks SEO
The plugin Delucks SEO (https://en-gb.wordpress.org/plugins/visualizer/) , has been identified to have a security weakness in versions less than 2.1.7 as reported on The Ninja Technologies Network (https://blog.nintechnet.com/vulnerability-in-the-wordpress-delucks-seo-plugin-actively-exploited/) The plugin developers released an update including a fix. Recommendation Our recommendation is to immediately update to version 2.1.7 or above. Users of FullWorks Security will have been […]