Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

November 26, 2024 at 08:42AM Two critical vulnerabilities (CVE-2024-10542 and CVE-2024-10781) in WordPress’s CleanTalk plugin could enable attackers to install malicious plugins, potentially leading to remote code execution. The flaws carry a CVSS score of 9.8, and users are urged to update to versions 6.44 or 6.45 to mitigate the risk of unauthorized access.

LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites

October 31, 2024 at 06:32AM A critical unauthenticated privilege escalation vulnerability (CVE-2024-50550) has been discovered in the LiteSpeed Cache plugin for WordPress, allowing unauthorized users to gain admin access. The flaw has been patched in version 6.5.2. Users are urged to stay informed on plugin updates due to ongoing WordPress repository changes.

WP Engine Accuses WordPress of ‘Forcibly’ Taking Over Its Plug-in

October 15, 2024 at 10:24AM A public dispute has erupted between WP Engine and WordPress founder Matt Mullenweg over the Advanced Custom Fields (ACF) plug-in, following Mullenweg’s decision to fork ACF into Secure Content Fields (SCF). This has led to user confusion regarding updates, security issues, and potential legal actions between the companies.

Jetpack fixes critical information disclosure flaw existing since 2016

October 14, 2024 at 03:37PM Jetpack, a popular WordPress plugin, released a critical update to fix a vulnerability allowing logged-in users to access submitted forms from other visitors. The flaw affects all versions since 3.9.9, with fixes available for 101 versions. Users are urged to upgrade immediately, though no exploitation evidence has been found.

Single HTTP Request Can Exploit 6M WordPress Sites

October 8, 2024 at 08:36AM A popular WordPress plug-in, LiteSpeed Cache, containing a cross-site scripting flaw (CVE-2024-47374), has been exploited by attackers, potentially enabling privilege escalation and malicious code installation on affected websites. A simple patch has been issued by Patchstack, allowing administrators to update to the fixed version 6.5.1 immediately to prevent vulnerabilities. After …

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

October 4, 2024 at 06:00AM A high-severity security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-47374) allows for arbitrary JavaScript code execution. The flaw was patched in version 6.5.1 on September 25, 2024, after being responsibly disclosed. This vulnerability could enable privilege escalation and affects all versions up to 6.5.0.2, potentially impacting the over …

Automattic blocks WP Engine’s access to WordPress resources

September 26, 2024 at 09:56AM WordPress.org has banned WP Engine from accessing its resources and delivering plugin updates, leaving end-users vulnerable to potential hacks. The conflict between the two involves alleged alteration of a WordPress core feature for profit, legal disputes, and criticism. Users are advised to seek alternative hosting providers due to the uncertain resolution. …

WordPress.org denies service to WP Engine, potentially putting sites at risk

September 25, 2024 at 09:48PM WordPress has blocked WP Engine’s servers from accessing WordPress.org resources, including software updates. This action could prevent WP Engine users from updating plugins, leading to potential security issues. WordPress co-founder Matt Mullenweg has accused WP Engine of profiting from WordPress without contributing to its development, leading to a conflict between …

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

September 5, 2024 at 02:03PM A critical vulnerability was found in LiteSpeed Cache, a popular caching plugin for over 6 million WordPress sites. This flaw could impact user browsing speed. Based on the meeting notes, it appears that a critical severity vulnerability has been found in LiteSpeed Cache, a caching plugin used in over 6 …

Hackers are exploiting critical bug in LiteSpeed Cache plugin

August 23, 2024 at 01:32AM Hackers are exploiting a critical vulnerability in LiteSpeed Cache, a WordPress plugin for speeding up response times, just one day after the technical details were made public. Based on the meeting notes, it is imperative to take immediate action to address the critical severity vulnerability in LiteSpeed Cache, a WordPress …