If you use WP-Super-Cache on WordPress upgrade immediately

April 7, 2015 by Paul Spoerry Leave a Comment

As many as a million websites could be imperiled by a critical vulnerability recently discovered in WP-Super-Cache. The persistent cross-site scripting bug allows attackers to insert malicious code into WordPress-published pages that use the extension, according to a blog post published Tuesday by security firm Sucuri. Anyone who relies on the plug in should immediately upgrade to version 1.4.4, which has fixes for that bug and several others.

"Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page. As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.

When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, injecting backdoors by using WordPress theme edition tools, etc."

Info: http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
Upgrade from your dashboard or: https://wordpress.org/plugins/wp-super-cache/

Check this out on Google+

1.3 million WordPress websites running WP-Slimstat exposed to SQL Injection attacks

February 25, 2015 by Paul Spoerry Leave a Comment

If you're running WordPress and WP-Slimstat you need to make sure you get updated to version 3.9.6 immediately. Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that's used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. The result is a SQL injection vector that can be used to extract highly sensitive data, including encrypted passwords and the encryption keys used to remotely administer websites.

Check this out on Google+

Security researchers have discovered vulnerabilities in a All in One SEO Pack WordPress…

June 2, 2014 by Paul Spoerry 4 Comments

Security researchers have discovered vulnerabilities in a All in One SEO Pack WordPress extension that leaves sites susceptible to remote hijacking.
Update your #WordPress sites if you use this plugin folks!

Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking
All in One SEO Pack gives unprivileged users admin powers.

View this post on Google+

ManageWP Review – Manage Multiple WordPress Sites From a Single Dashboard

February 22, 2013 by Paul Spoerry 1 Comment

ManageWP is a dashboard that allows you to see what’s going on with all of your WordPress websites in one place. It is hands down the best way to manage multiple WordPress installations from a single interface.

[Read more…]

WordPress The Matrix Easter Egg

February 2, 2012 by Paul Spoerry 1 Comment

Current versions of WordPress contain a Matrix style Easter Egg. It’s funny, fun, and easy to see. [Read more…]