Blog

  • Interview with a WordPress Hacker: m0ze

    Over the past 10 years that WPScan have been cataloging WordPress vulnerabilities, we have had many hundreds of independent security researchers contribute to our WordPress vulnerability database. Today, we talk to m0ze, a long-time WPScan vulnerability database contributor, who shares his thoughts on the state of WordPress security today. Please introduce yourself. My name is Vlad, also…

  • WordPress 5.7.1 Security and Maintenance Release

    Today, April 15th, 2021, WordPress released version 5.7.1, a security and maintenance release that reportedly patches two security vulnerabilities. The WordPress release announcement lists the following two security vulnerabilities as being patched in version 5.7.1: Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8. Thanks Mikael Korpela for reporting a data exposure vulnerability within the…

  • Zerodium Offers $300,000 for WordPress Exploits

    Zerodium, a company that buys security exploits to then resell to government entities, tripled its price for WordPress Remote Command Execution (RCE) exploits. In a tweet sent out on Friday, April 9th, Zerodium announced that they had temporarily tripled the price they pay out to security researchers for WordPress RCE exploits. Increasing the payout from…