Blog

On July 13th two critical SQL Injection vulnerabilities were reported and patched in the WooCommerce and WooCommerce Blocks WordPress plugins. SQL Injection vulnerabilities allow attackers to ‘piggyback’ on SQL queries, usually allowing the attacker to read, write and edit database data. Although SQL Injection vulnerabilities can sometimes be difficult to exploit manually, tools such as sqlmap…

Over the past 10 years that WPScan have been cataloging WordPress vulnerabilities, we have had many hundreds of independent security researchers contribute to our WordPress vulnerability database. Today, we talk to m0ze, a long time WPScan vulnerability database contributor, who shares his thoughts on the state of WordPress security today. Please introduce yourself.My name is Vlad, also…

Today, April 15th, 2021, WordPress released version 5.7.1, a security and maintenance release that reportedly patches two security vulnerabilities. The WordPress release announcement lists the following two security vulnerabilities as being patched in version 5.7.1: Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8. Thanks Mikael Korpela for reporting a data exposure vulnerability within the…