-
November 2020 Monthly Vulnerability Roundup
WordPress Plugin Vulnerabilities: BuddyPress < 6.4.0 – Lack of Capability Check on Profile Page; WP Google Map Plugin <= 4.1.3 – Authenticated SQL Injection; WPJobBoard < 5.7.0 – Unauthenticated SQL Injection; WPJobBoard < 5.7.0 – Unauthenticated Reflected XSS & XFS; Media Library Assistant < 2.90 – Authenticated Blind SQL Injection; Secure File Manager – Authenticated Remote Command Execution; WooCommerce Anti-Fraud <=…
-
WordPress Security Roundup for October 2020
Here at WPScan we launched our brand new website, which we’re super happy with, and feedback so far has been overwhelmingly positive! We released three new versions of our WPScan WordPress security scanner, adding the login-uri option to specify the wp-login.php file location. We also released two new versions of our WordPress security plugin, implementing new features such as the ability to…
-
WordPress 5.5.2 Security Release
WordPress 5.5.2 was released on October 30th 2020, reportedly fixing 10 security vulnerabilities. Below are the vulnerabilities that were mentioned in the release notes and that have been added to the WPScan WordPress Vulnerability Database so far, including one from our very own security researcher, Erwan.