11 Jan

Our Proactive Monitoring Caught a Remote Code Execution (RCE) Vulnerability in an Unreleased Version of MailPress

In a reminder of the negative impact of WordPress intentionally leaving those using vulnerable plugins unaware of it, there are still 3,000+ active installs, according to wordpress.org, of the plugin MailPress. Back in July of 2016 we noted that it appeared that hackers were targeting it, while disclosing a vulnerability we had found in it [Read more]

14 Jul

Local File Inclusion (LFI) Vulnerability in MailPress

One of the things we do to protect our customers from vulnerabilities in WordPress plugins is to monitor our websites for activity indicating that someone is looking to exploit a vulnerability in a plugin. That recently has been allowing us to detect quite a few serious vulnerabilities that it looks like no one else is spotting, [Read more]