-
That theme you just bought may not be safe
We’ve all been there. You create a new site and don’t have time to design your own theme for it. You go to either Google or one of the many available theme purchasing sites and buy a theme for your site and voila, all done. But not all themes are safe, even the ones from…
-
All Your Contact Forms Are Belong to Us: Critical Vulnerability Found in PHPMailer
David Golunski found a big vulnerability in PHPMailer. Essentially the sender data isn’t sanitized in PHPMailer versions less than 5.2.18. More details at Wordfence. The 4.7 version of WordPress has PHPMailer in it’s core in /wp-includes/class-smtp.php.
-
Hacking 27% of the Web via WordPress Auto-Update
We think that some of the tools that we use for the web are secure if it comes automatically from a central point. Well, the guys over at Wordfence found a pretty significant point of failure at the api.wordpress.org service.