Jul 13th "All-In-One SEO Pack 2.3.7" Plugin Must be Updated ASAP

WordFence is reporting that serious vulnerabilities have been found in the "All-In-One SEO Pack", version 2.3.7.  If you're using this plugin you should updated it ASAP.  The plugin author released version 2.3.8 which fixes the vulnerability yesterday afternoon.  This vulnerability allows an attacker to inject javascript code into a page ... Read More »

Jul 11th WP **Squirrly SEO** Plugin Security Issues

The WordPress plugin, "Squirrly SEO" has released version 6.1.5, fixing two security vulnerabilities.  If you're running any version lower than 6.1.5 you should upgrade ASAP as the earlier versions do have exploitable vulnerabilities.Wordfence reports that the two vulnerabilities are as follows: Vulnerability 1: Privilege Escalation CVSS ... Read More »

Jun 23rd URGENT: Update JETPACK Immediately

For the second time in just the last several weeks Jetpack has released a major security update to address serious security vulnerabilities.  Jetpack is the second most popular WordPress plugin - so you probably have it on your site.  The update fixes three vulnerabilities: a vulnerability that allowed an attacker to perform unauthorized ... Read More »

Jun 9th Update Your WordPress EWWW Image Optimizer Plugin ASAP

WordFence is reporting that the WordPress plugin "EWWW Image Optimizer" has been exploited.  A vulnerability was found this morning and hackers have already exploited it on thousands of WordPress sites.  If you have this plugin on your site, please update it as soon as possible.  The developer has released a fix, so updating will stop the ... Read More »

Jun 2nd How to Avoid Security Risks with WordPress Plugins

Every week and sometimes several times a week, we get word that a vulnerability has been found in a WordPress plugin that has been exploited by hackers to either send spam, create search engine spam or to in other ways deface your WordPress website. Therefore, it seems like a good idea to offer some tips on how to choose plugins.  The first ... Read More »

Jun 2nd WP Mobile Detector Plugin has been Exploited

June 2, 2016Sucuri is reporting that the WordPress plugin, WP Mobile Detector has a new Zero Day vulnerability that will allow an attacker to exploit the Arbitrary File Upload (AFU) vulnerability.  The plugin has been removed from the WordPress repository and there is no patch available at this time.The vulnerability is very easy to ... Read More »