WordPress 4.2.4 Security and Maintenance Release  Posted August 4, 2015 by Samuel Sidler. Filed under Releases, Security. WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that  [...]
WordPress 4.2.1 Released to Patch Comment Exploit Vulnerability Sarah Gooding April 27, 2015 4 photo credit: Will Montague – cc This morning we reported on an XSS vulnerability in WordPress 4.2, 4.1.2, 4.1.1, and 3.9.3, which allows an attacker to compromise a site via its comments. The security team quickly patched the vulnerability and released  [...]
WordPress Security Alert – WP Super cache Credit: Wikipedia Upgrade immediately ITWorld|April 8, 2015 Security firm Sucuri revealed on their blog this week that they had uncovered a persistent cross-site scripting vulnerability in the popular WordPress plugin WP Super Cache. The effects of this vulnerability can be severe as an attacker can potentially insert malicious code  [...]
WordPress 4.0.1 Security Release
Posted November 20, 2014 by Andrew Nacin. Filed under Releases, Security. WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you  [...]
New Zero-Day Vulnerability Discovered in TimThumb Script
WordPress Security Alert: New Zero-Day Vulnerability Discovered in TimThumb Script Sarah Gooding June 25, 2014 20 photo credit: kama17 – cc Security vulnerabilities have plagued the TimThumb script for years. It is most commonly used in cropping, zooming and resizing images in WordPress themes. After the large scale attacks launched against the script a few  [...]
Web Security Issues
A serious vulnerability in the WP eCommerce Plugin was announced within the last 24 hours (321st Oct 2014) . A fix has been released and some hosting companies are already auto-upgrading customers to the newest version. Upgrade to 3.8.14.4 of WP eCommerce immediately if you use this plugin. Please spread the word because with almost  [...]
How to upgrade to SSL certificates from SHA1 to SHA2
With Chrome version 39 which is in the process of being released (see footnote), Google has started issuing warnings if a website is using a certificate that has a signature algorithm that uses the older and less secure SHA1. To find out which signature algorithm your secure website is using, in Chrome click on the green  [...]