WordPress Flaws and Vulnerabilities

Vulnerability in WooCommerce 2.1.6

May 12, 2014 2 comments

WooCommerce 2.1.6 contains a vulnerability capable to display any post title of any type. This is included since 2.0. It therefore becomes possible, modifying the purchase address directly in the address bar, to display post title from any type and any status. We can display titles from drafts, pendings, protected, et other Custom Post Type even if not designed to be displayed in front-end. Knowing that it exists […]

Read more
Web Flaws and Vulnerabilities

Heartbleed Vulnerability, Dissected

April 12, 2014 0 comments

Heartbleed in 2 words It’s huge. Heartbleed in a few words Heartbleed take its name from Heartbeat, from where came the flaw, this big security flaw discovered the 8th april 2014. This is in the SSL protocol (used by many sites and services in the world) that flaw permit to a hacker, in certain conditions, to extract passwords, secret […]

Read more
Secure WordPress

Add a Good Security Point With 3 Hooks

January 20, 2014 0 comments

After the WordCamp Paris 2014, i’m back to share a tip based on fact to force some options on some values, they can become malicious: Force the admin email address Force this value with a hardcoded one, you’ll be sur to always receive important emails in relation with WordPress. Force the non-registering possibility With the same […]

Read more
WordPress Flaws and Vulnerabilities

WordPress 3.6.1 : Maintenance and Security

September 11, 2013 0 comments

After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release. WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately. It addresses three issues fixed […]

Read more