wpsecuritybloggers.com wpsecuritybloggers.com

Unpacking the WordPress 5.5.2/5.5.3 Security Release

On Thursday, October 29, the WordPress core team released WordPress version 5.5.2. This was a minor release containing bug fixes and security enhancements to the core WordPress content management system powering over one-third of the internet. There was a subsequent 5.5.3 release one day later; you can read about the emergency WP 5.5.3 release here. As with every release, the Wordfence team analyzed this release to determine the...


The Month in WordPress: October 2020

October 2020 was a notable month for WordPress lovers, thanks to the release of several products and updates. Read on to keep up with all the latest news!
The 2020 WordPress Annual Survey is out
The team published the 2020 WordPress Annual survey — to help those who build WordPress to understand more about our software usage and our contributors’ experience. The Annual Survey will be open for at least 6 weeks and is available in...


WordPress 5.5.3 Maintenance Release

WordPress 5.5.3 is now available. This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.
5.5.3-alpha Issue
Earlier today — between...


Episode 91: How Hackers Can Use CSRF Vulnerabilities and Spearphishing to Wreak Havoc on WordPress

On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc, much like the phishing campaigns now being found on the Canva design platform. With WordPress adding application passwords for REST API authentication, we discuss the benefits coming with...


Add a WordPress Admin User Account via PHP

Sometimes our WordPress plugin users need to create an Admin user account for their sites. In this tutorial I will share a small piece of PHP code that can be used to create a WordPress Administrator user on your site. Alternatively, you can also create a WordPress admin user via MySQL. You will need to have FTP access to your site so you can access and edit the theme files.
Step 1) Log in via FTP
Log into your site via FTP and browse...


High Severity Vulnerability Patched in Child Theme Creator by Orbisius

On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites. This flaw gave attackers the ability to forge requests on behalf of an administrator in order to modify arbitrary theme files and create new PHP files, which could allow an attacker to achieve remote code execution (RCE) on a vulnerable site’s server. We initially...