A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object injection vulnerability that arose from improper sanitization of inputs, subsequently allowing base64 encoded user input. Unauthenticated PHP Object Injection A vulnerability was discovered in the popular Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin. The purpose of the plugin is … Read more
WordPress Gutenberg 13.8 is here, unpacking further incremental improvements to the Gutenberg block editor. Some of the improvements are relatively trivial additions, like adding a WhatsApp icon to the Social Icon Block. But others are more important because they give template designers the ability to provide more design options for their users. Chief among these … Read more
The United States government’s National Vulnerability Database published a notification of a vulnerability discovered in the official WordPress Gutenberg plugin. But according to the person who found it, WordPress is said to have not acknowledged it’s a vulnerability. Stored Cross-Site Scripting (XSS) Vulnerability XSS is a type of vulnerability that happens when someone can upload … Read more
