A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user input. Unauthenticated PHP Object Injection A vulnerability was discovered in the popular Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin. The purpose of the plugin is … Read more
The United States government’s National Vulnerability Database published a notification of a vulnerability discovered in the official WordPress Gutenberg plugin. But according to the person who found it, WordPress is said to have not acknowledged it’s a vulnerability. Stored Cross-Site Scripting (XSS) Vulnerability XSS is a type of vulnerability that happens when someone can upload … Read more
A popular WordPress anti-malware plugin was discovered to have a reflected cross-site scripting vulnerability. This is a type of vulnerability that can allow an attacker to compromise an administrator level user of the affected website. Affected WordPress Plugin The plugin discovered to contain the vulnerability is Anti-Malware Security and Brute-Force Firewall, which is used by … Read more
