Those who use the All-in-One WP Migration plugin are encouraged to update to version 7.0 as soon as possible as 6.97 contains an admin backend cross-site-scripting vulnerability. An attacker would already have to be able to either compromise the database or gain access to a user account with high enough privileges to view the backup history, so some damage has …
The Ultimate Guide to WordPress Security
Hackers attack WordPress sites both big and small with over 90,978 attacks happening per minute. Fortunately, there are numerous ways you can protect your WordPress site. Today, I want to share with you how you can make your WordPress site’s security air tight with basic through to advanced techniques. I’ll also explore how WordPress can […]
BuddyPress 2.7.4 Patches Security Vulnerability That Could Allow Arbitrary File Deletion
The BuddyPress development team has released BuddyPress 2.7.4 to address a security vulnerability that affects all versions back to 2.0. According to John James Jacoby, lead developer of BuddyPress, “This version patches a vulnerability to the BuddyPress core attachments API that could allow arbitrary file deletion on certain installation configurations.” The vulnerability was responsibly disclosed by Sam Pizzey through the HackerOne …