The opinion is that an open source script is vulnerable to all sorts of attacks. But that is mostly not true – sometimes it’s the other way around. Or, okay, let’s say that it’s partially true, but even then you shouldn’t blame WordPress.
Why? Because it’s usually your fault that your site got hacked. There are some responsibilities that you have to take care of as a website owner. So the key question is always, what are *you* doing to save your site from being hacked? (more…)
As reported by the Wordfence guys, Ninja Forms – a popular form plugin (contact forms, subscription forms, etc.) – is suffering from a number of serious security vulnerabilities.
Put together, those vulnerabilities have been labeled “very high risk,” which in web-security-speak basically means this: (more…)
This is something of a breaking news story.
In short: WordPress users face possible hacker attacks if they are using the WooCommerce plugin.
The Sucuri team just discovered a dangerous vulnerability during their routine audit for their web application firewall.
It seems that the vulnerability inside WooCommerce is Object Injection-related, and it could allow any hacker to download compromising files from the vulnerable server. The problem appears only if the “PayPal Identity Token” option is set. (more…)