AI Helps to Detect Incomplete Security Fix Being Made to 1+ Million Install WordPress Plugin WP File Manager – Plugin VulnerabilitiesFeb 29more_vert
WooCommerce Vulnerability Listed as Being Fixed in Upcoming Release Was Already Fixed – Plugin VulnerabilitiesFeb 28more_vert
NinjaFirewall is Providing Misleading Information on Vulnerable WordPress Plugins – Plugin VulnerabilitiesFeb 22more_vert
Not Really a WordPress Plugin Vulnerability, Week of February 16 – Plugin VulnerabilitiesFeb 16more_vert
Hacker Likely Targeting This Incompletely Fixed Authenticated Plugin Installation Vulnerability in WordPress Plugin NextMove Lite – Plugin VulnerabilitiesFeb 13more_vert
WordPress Plugin Team Appears to Not Understand Proper Use of SQL Escaping Function esc_sql() – Plugin VulnerabilitiesFeb 12more_vert
Hacker Targeted WordPress Backup Plugin Didn't Actually Get Fix for Log File Disclosure – Plugin VulnerabilitiesFeb 8more_vert
Cloudflare Still Providing DNS Service for WordPress Security Team Impersonation Scam – Plugin VulnerabilitiesFeb 7more_vert
Wordfence Claims It Is a Vulnerability For Users With the unfiltered_html Capability to Use Unfiltered HTML – Plugin VulnerabilitiesFeb 5more_vert
WordPress Security Providers Falsely Claimed Cloudflare's Plugin Contained Vulnerability – Plugin VulnerabilitiesFeb 5more_vert
Bug Introduced in WordPress 6.4.3 Highlights a Problem With Fixing Vulnerabilities That Are Not Really Vulnerabilities – Plugin VulnerabilitiesFeb 2more_vert
Elementor is Still Providing Access to Security Nonces to WordPress Users Who Shouldn't Have Them – Plugin VulnerabilitiesJan 30more_vert
Hacker Targeting Incompletely Fixed Vulnerability in 100000+ Install WordPress Plugin Cookie InformationJan 30more_vert
Cloudflare Only Added One Firewall Rule for a WordPress Plugin Vulnerability Last Year and It Was Eight Months Late – Plugin VulnerabilitiesJan 30more_vert
What to Do If Someone is Claiming There is a Vulnerability in Your WordPress Plugin – Plugin VulnerabilitiesJan 29more_vert
Wordfence Claims Unfixed WordPress Plugin Vulnerability Has Been Fixed in Version That Doesn't Even Exist – Plugin VulnerabilitiesJan 29more_vert
Not Really a WordPress Plugin Vulnerability, Week of January 26 – Plugin VulnerabilitiesJan 26more_vert
Contrary to Bleeping Computer Story, Hackers Don't Seem to Have Targeted Security Issue in Better Search Replace – Plugin VulnerabilitiesJan 26more_vert
How to Use the sanitize_callback When Using the WordPress register_setting() Function – Plugin VulnerabilitiesJan 26more_vert
Catching a Future Vulnerability in a WordPress Plugin With Our Plugin Security Checker – Plugin VulnerabilitiesJan 26more_vert
Wordfence is Claiming It Is a Critical Vulnerability for WordPress Administrators to Upload Arbitrary Files – Plugin VulnerabilitiesJan 26more_vert
The Right Way for WordPress Plugins to Secure Order By Clauses in SQL Statements – Plugin VulnerabilitiesJan 25more_vert
WordPress Plugin Developers Need to Make Sure There Nonce Checks Both Work if a Nonce Isn't Sent or if the Nonce is Wrong – Plugin VulnerabilitiesJan 24more_vert
The WordPress Function maybe_unserialize() Won't Prevent PHP Object Injection – Plugin VulnerabilitiesJan 23more_vert
Many CVE Records Are Listing the Wrong Versions of Software as Being Affected – Plugin VulnerabilitiesJan 22more_vert
WordPress Plugin Developers Are Still Creating Vulnerabilities by Improperly Using the permission_callback for WordPress Rest API Endpoints – Plugin VulnerabilitiesJan 22more_vert
Eight Months In, Really Simple SSL's Plugin Vulnerability Data is Claiming That Unfixed Vulnerabilities Have Been Fixed – Plugin VulnerabilitiesJan 19more_vert
Malcare's Review of Wordfence Recommends Malcare Instead Without Disclosing They Make It – Plugin VulnerabilitiesJan 18more_vert
Awesome Motive Is Claiming That Sucuri Is the Best WordPress Security in 2024 Based on Features It Doesn't Contain – Plugin VulnerabilitiesJan 18more_vert
Wordfence Is Warning That Vulnerabilities Are Critical When They Are Not – Plugin VulnerabilitiesJan 17more_vert
Hacker Targeting Vulnerability Fixed in WordPress Plugin LearnPress Late Last Month – Plugin VulnerabilitiesJan 17more_vert
Wordfence Didn't Make Sure Vulnerability in WooCommerce Had Been Fixed (Or That It Even Existed) – Plugin VulnerabilitiesJan 16more_vert
The WordPress Function sanitize_text_field() Function Doesn't Sanitize User Input for SQL Statements – Plugin VulnerabilitiesJan 15more_vert
Google's Search Results for The Best WordPress Security Plugins in 2024 is as Bad As You Would Expect – Plugin VulnerabilitiesJan 12more_vert
Password Strength Doesn't Matter if a Hacker Knows The Password Because It Was Compromised Through Malware – Plugin VulnerabilitiesJan 9more_vert
Five Years In, Wordfence Security Still Doesn't Provide Protection When Using WordPress Block Editor – Plugin VulnerabilitiesJan 9more_vert
WordPress Hasn't Provided Fix for Severe Vulnerability Being Exploited in the Frontend Admin Plugin – Plugin VulnerabilitiesJan 8more_vert
Confusion Over Proper Usage of esc_url_raw() Includes Developers of 1+ and 5+ Million Install WordPress Security Plugins – Plugin VulnerabilitiesJan 5more_vert
Hackers Relying on WordPress Security Providers' Information to Target Vulnerabilities in WordPress Plugins – Plugin VulnerabilitiesJan 5more_vert
YouTuber Falsely Claims You Can Easily Prevent WordPress Websites From Getting Hacked With Solid Security – Plugin VulnerabilitiesJan 5more_vert
WordPress Plugin Developer Security Advisory: Brainstorm Force – Plugin VulnerabilitiesJan 4more_vert
WordPress Plugin Developers Still Have to Wait Nearly Two Months for Review When Submitting New Plugin – Plugin VulnerabilitiesJan 3more_vert
Wordfence Premium Adding Firewall Rules for Vulnerabilities in Under 10 Plugins a Month – Plugin VulnerabilitiesJan 3more_vert
Five WordPress Security Plugins Prevented Exploitation of Serious Vulnerability in Another Security Plugin – Plugin VulnerabilitiesJan 2more_vert
SiteGround Recommends Against Using WordPress Security Plugins That Actually Protect Against Vulnerabilities – Plugin VulnerabilitiesDec 22more_vert
Hacker Tries to Exploit Fake Vulnerability 11 Years After It Was Falsely Claimed to Exist – Plugin VulnerabilitiesDec 21more_vert
NinjaFirewall's Rule For Vulnerability Doesn't Really Add Much Protection – Plugin VulnerabilitiesDec 20more_vert
Two 1+ Million WordPress Plugins From SiteGround, Sponsor of Plugin Review Team Rep, Collecting Website Data Without Consent – Plugin VulnerabilitiesDec 15more_vert
Wordfence Call CSRF Vulnerabilities “Low Risk” While Criticizing Competitor After Previously Calling Them “High Severity” – Plugin VulnerabilitiesDec 15more_vert
NinTechNet's Website Security Scanner Isn't a Good Option for Testing the Security Provided by WordPress Firewall Plugins – Plugin VulnerabilitiesDec 14more_vert
SiteGround Labels Their WordPress Security Plugin as Web Application Firewall (WAF) Despite Not Having One – Plugin VulnerabilitiesDec 14more_vert
Wordfence Security Still More Than Doubles Peak Memory Usage Over WordPress By Itself – Plugin VulnerabilitiesDec 12more_vert
Elementor Issues Second Fix for Authenticated Arbitrary File Upload Vulnerability – Plugin VulnerabilitiesDec 8more_vert
Digging In To The Authenticated Arbitrary File Upload Vulnerability in Elementor – Plugin VulnerabilitiesDec 7more_vert
Contrary to Claims by Patchstack and Wordfence the Gutenberg Plugin Doesn't Contain an Authenticated XSS Vulnerability – Plugin VulnerabilitiesDec 6more_vert
Wordfence's “Highly Credentialed and Industry-Leading Vulnerability Researchers and Analysts” Don't Understand Local File Inclusion – Plugin VulnerabilitiesDec 6more_vert
Wordfence Premium Added “Real-Time Firewall Protection” for Plugin Vulnerability Over Two Months After It Was Disclosed – Plugin VulnerabilitiesDec 5more_vert
WordPress Download Manager Plugin Exposed Passwords, Still Is Storing Plaintext Passwords – Plugin VulnerabilitiesDec 4more_vert
Latest Release of Contact Form 7 Didn't Actually Fix Authenticated (Editor+) Arbitrary File Upload Vulnerability – Plugin VulnerabilitiesDec 1more_vert
Developer of Solid Security Thinks That Their Plugin Shouldn't Be Easier to Secure Than Chrome Web Browser – Plugin VulnerabilitiesDec 1more_vert
Siteground's Security Plugin's Advanced XSS Protection Isn't Protection, Advanced or Otherwise – Plugin VulnerabilitiesNov 30more_vert
The Developer of BulletProof Security Pro Knows it Doesn't Actually Protect Against Most Zero-Days – Plugin VulnerabilitiesNov 29more_vert
900000+ Install WordPress Security Plugin Solid Security Focused on Non-Existent Threat – Plugin VulnerabilitiesNov 28more_vert
Patchstack's Plugin Vulnerability Data Continues to Not Be Impeccable Either – Plugin VulnerabilitiesNov 27more_vert
300000+ Install Widgets for Google Reviews WordPress Plugin Doesn't Contain a High Risk Arbitrary File Upload VulnerabilityNov 22more_vert
Information Disclosure Vulnerability Fixed in The Events Calendar – Plugin VulnerabilitiesNov 21more_vert
Latest Version of 2+ Million Install MC4WP: Mailchimp for WordPress Fixes Minor Security Issue – Plugin VulnerabilitiesNov 20more_vert
WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That – Plugin VulnerabilitiesNov 20more_vert
Wordfence's Plugin Vulnerability Data Copied From Competitors Continues to Not Be Impeccable – Plugin VulnerabilitiesNov 17more_vert
Wordfence Security Doesn't Offer The Industry Leading Firewall – Plugin VulnerabilitiesNov 16more_vert
1+ Million Install WordPress Plugin Duplicator Hardening Update Actually Fixes CSRF Vulnerability – Plugin VulnerabilitiesNov 16more_vert
WooCommerce Extending Plugins Might Not Actually Be Written With All WordPress Security Standards in Mind – Plugin VulnerabilitiesNov 15more_vert
Wordfence Security's Country Blocking Isn't an Effective Measure Against Hackers – Plugin VulnerabilitiesNov 13more_vert
Developer of WP Fastest Cache Obliquely Discloses SQL Injection Vulnerability, Fix Isn't Generally Available – Plugin VulnerabilitiesNov 10more_vert
The Wordfence Security Plugin Isn't Actually Protecting Against Brute Force Attacks – Plugin VulnerabilitiesNov 8more_vert
How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic's Jetpack Didn't – Plugin VulnerabilitiesNov 7more_vert