Blog

Yesterday, October 14th 2019, WordPress released version 5.2.4 as a security release. According to WordPress, WordPress version 5.2.4 fixes 6 security issues. WordPress <= 5.2.3 – Stored XSS in CustomizerWordPress <= 5.2.3 – Unauthenticated View Private/Draft PostsWordPress <= 5.2.3 – Stored XSS in Style TagsWordPress <= 5.2.3 – JSON Request Cache PoisoningWordPress <= 5.2.3 -…

WPScan started as a simple Ruby script in 2011 to help identify vulnerabilities in self-hosted WordPress websites. The simple script matured into a large software project and gained popularity amongst the security and WordPress communities. For many years we did not think of WPScan as a business, but since last year we decided that to…

Password brute forcing is a common attack that hackers have used in the past against WordPress sites at scale. In 2017 Wordfence documented a huge password brute force attack, which saw 14.1 million attacks per hour at its peak. Attackers are looking for users, preferably administrators, with weak passwords to be able to login to WordPress…