16 Jan

Our Proactive Monitoring Caught an Authenticated Remote Code Execution (RCE) Vulnerability in WP-Stateless

One of the ways we help to improve the security of WordPress plugins, not just for our customers, but for everyone using them, is the proactive monitoring of changes made to plugins in the Plugin Directory to try to catch serious vulnerabilities. Through a recently added improvement to that we continue to find more remote code [Read more]

30 Oct

Vulnerability Details: Authenticated Remote Code Execution Vulnerability in Unyson

This Vulnerability Details post about a vulnerability in the plugin Unyson provides the details of a vulnerability we didn’t discover and access to it is limited to customers of our service, unlike the posts on vulnerabilities we have discovered, which are freely available and give you an idea of what information is provided in the [Read more]

28 Nov

Authenticated Remote Code Execution (RCE) Vulnerability in NextGEN Gallery

In reviewing reports of vulnerabilities to add them to our data, two of the important things we do is determining what type of vulnerability there actually is, as sometimes vulnerabilities are mislabeled, and we also check to make sure that vulnerability has actually been fixed. Those two can together when looking at a recent report of [Read more]

11 Jul

Protecting You Against Wordfence’s Bad Practices: Remote Code Execution (RCE) Vulnerability in WP Maintenance Mode

Wordfence is putting WordPress website at risk by disclosing vulnerabilities in plugins with critical details needed to double check their work missing, in what appears to be an attempt to profit off of these vulnerabilities. We are releasing those details so that others can review the vulnerabilities to try to limit the damage Wordfence’s practice could cause. Wordfence describes [Read more]

10 Jun

Protecting You Against Wordfence’s Bad Practices: Authenticated Remote Code Execution (RCE) Vulnerability in EWWW Image Optimizer

Wordfence is putting WordPress website at risk by disclosing vulnerabilities in plugins with critical details needed to double check their work missing, in what appears to be an attempt to profit off of these vulnerabilities. We are releasing those details so that others can review the vulnerabilities to try to limit the damage Wordfence’s practice could cause. Wordfence describes [Read more]