WordPress Flaws and Vulnerabilities

WordPress has made some great strides in terms of security with the latest version releases. Despite all these efforts, flaws and vulnerabilities are always being discovered. It's important to keep an eye on them and make sure to install the proper security patches. Check out our articles regarding some flaws found on WordPress.

Blog WordPress Flaws and Vulnerabilities
WordPress Flaws and Vulnerabilities

Jetpack 4.0.3 Security Patch

June 2, 2016 0 comments

Jetpack 4.0.3 just fixed a security flaw named Stored XSS. It allows a visitor to insert a shortcode containing some HTML attributes usually forbidden. The vulnerability According to Sam Hotchkiss, member of the Jetpack development team, this XSS vulnerability can be found in the shortcodes parsing method, a Jetpack’s one. A attacker could easily add some JavaScript code in your comments to hack your visitor’s […]

Read more
WordPress Flaws and Vulnerabilities

All In One WP Security & Firewall 4.0.9 Security Patch

May 12, 2016 0 comments

On May 10th 2016, All In One WP Security & Firewall patched some SQL injection detected by our team. Those flaws allow any visitor to alter DB queries. This represent a high security risk.

Read more
WordPress Flaws and Vulnerabilities

iThemes Security 5.3.6 Security Fix

April 25, 2016 0 comments

Recently around april, 19th 2016, iThemes Security got patched against a vulnerability discovered by our team, a lack of capability check, allowing any member with any role to perform an Administrator action.

Read more
WordPress Flaws and Vulnerabilities

BJ Lazy Load and TimThumb

September 2, 2015 0 comments

BJ Lazy Load is a plugin to differ the image loads, available for free on the official WordPress repository and he’s using TimThumb. On 1st september 2015, we did some research about Laly loading plugins and we finally discovered that this plugin, BJ Lazy Load v 0.7.5, was using an outdated version of TimThumb, this famous script which is still responsible of […]

Read more