-
What to do about a blind SSRF vulnerability affecting WordPress Core
We have been hearing questions from WPScan clients about a long‑standing vulnerability that has been present in the WordPress software for some time, but we only recently added it to our threat database, so that’s why it has just appeared in results. However, the vulnerability is not new. There is not currently a fix or…
-
The Complete Checklist for WordPress Security Leaders
Automattic, the parent company of WPScan, hosts many of the biggest websites on the web, and security is one of our highest priorities. What follows is our checklist for security leaders: Best Practices for Your WordPress Website; Essential Tips for WordPress Plugin Security; General Password Hygiene; Web Security Guidelines; Computer Security Recommendations; Guidelines for Phones and Tablets. Phew. That’s it. Did…
-
Vulnerabilities Discovered in the 3DPrint Premium Plugin
The premium version of the WordPress plugin 3DPrint is vulnerable to Cross-Site Request Forgery (CSRF) and directory traversal attacks when the file manager functionality is enabled. We are also sharing information on these vulnerabilities over on the Jetpack blog. These vulnerabilities allow an attacker to delete or get access to arbitrary files and directories…