"All-In-One SEO Pack 2.3.7" Plugin Must be Updated ASAP

WordFence is reporting that serious vulnerabilities have been found in the "All-In-One SEO Pack", version 2.3.7.  If you're using this plugin you should updated it ASAP.  The plugin author released version 2.3.8 which fixes the vulnerability yesterday afternoon.  This vulnerability allows an attacker to inject javascript code into a page ... Read More »

13th Jul 2016
WP **Squirrly SEO** Plugin Security Issues

The WordPress plugin, "Squirrly SEO" has released version 6.1.5, fixing two security vulnerabilities.  If you're running any version lower than 6.1.5 you should upgrade ASAP as the earlier versions do have exploitable vulnerabilities.Wordfence reports that the two vulnerabilities are as follows: Vulnerability 1: Privilege Escalation CVSS ... Read More »

11th Jul 2016
URGENT: Update JETPACK Immediately

For the second time in just the last several weeks Jetpack has released a major security update to address serious security vulnerabilities.  Jetpack is the second most popular WordPress plugin - so you probably have it on your site.  The update fixes three vulnerabilities: a vulnerability that allowed an attacker to perform unauthorized ... Read More »

23rd Jun 2016
Update Your WordPress EWWW Image Optimizer Plugin ASAP

WordFence is reporting that the WordPress plugin "EWWW Image Optimizer" has been exploited.  A vulnerability was found this morning and hackers have already exploited it on thousands of WordPress sites.  If you have this plugin on your site, please update it as soon as possible.  The developer has released a fix, so updating will stop the ... Read More »

9th Jun 2016
How to Avoid Security Risks with WordPress Plugins

Every week and sometimes several times a week, we get word that a vulnerability has been found in a WordPress plugin that has been exploited by hackers to either send spam, create search engine spam or to in other ways deface your WordPress website. Therefore, it seems like a good idea to offer some tips on how to choose plugins.  The first ... Read More »

2nd Jun 2016
WP Mobile Detector Plugin has been Exploited

June 2, 2016Sucuri is reporting that the WordPress plugin, WP Mobile Detector has a new Zero Day vulnerability that will allow an attacker to exploit the Arbitrary File Upload (AFU) vulnerability.  The plugin has been removed from the WordPress repository and there is no patch available at this time.The vulnerability is very easy to ... Read More »

2nd Jun 2016