WordPress.org to require 2FA for plugin developers by October

September 11, 2024 at 01:37PM

Starting October 1st, WordPress.org requires two-factor authentication for accounts that can push updates to plugins and themes. This decision aims to reduce the risk of unauthorized access and supply-chain attacks. The 2FA security feature needs to be activated, and SVN-specific passwords have been added for making code changes. Technical limitations …

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access

August 22, 2024 at 02:00AM

A critical security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-28000, CVSS score: 9.8) could allow unauthenticated users to gain administrator privileges. It has been patched in version 6.4 released on August 13, 2024. This vulnerability underscores the importance of strong and unpredictable security hashes or nonces in web …

Flaws in Backup Migration and Elementor WordPress Plugins Allow Remote Code Execution

December 12, 2023 at 09:30AM

Two popular WordPress plugins, Elementor and Backup Migration, have been found to have critical remote code execution (RCE) vulnerabilities, affecting over 5 million users. Elementor’s RCE flaw was due to an authenticated arbitrary file upload issue, while Backup Migration’s CVE-2023-6553 vulnerability was exploited to include malicious PHP code. Updated versions …