
Security Blog

1,000,000 WordPress Web Sites Affected by an Unauthenticated SQL Injection Vulnerability in LayerSlider Plugin 7.9.11 – 7.10.0

The LayerSlider plugin for WordPress (versions 7.9.11 through 7.10.0) is vulnerable to an Unauthenticated SQL Injection. It is mandatory to update immediately to the latest patched version of the plugin, which fixes the problem. In order to avoid web site crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service.

LayerSlider Plugin 7.9.11 – 7.10.0 - Unauthenticated SQL Injection
Plugin slug: LayerSlider
Update to version: 7.10.1

The vulnerability can be exploited through the ls_get_popup_markup action due to insufficient escaping of the user-supplied parameter...


Dangerous Bug in WP-Members Membership Plugin – Unauthenticated Stored Cross-Site Scripting Vulnerability <= 3.4.9.2

An Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability has recently been reported in WP-Members Membership (a membership plugin with content restriction and custom registration), which is installed on over 60,000 web sites. It is recommended that you update your sites immediately. In order to avoid web site crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service.

WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting vulnerability
Plugin slug: wp-members
Update to version: 3.4.9.3

The vulnerability...


Missing Authorization Vulnerability in Blog2Social Plugin <= 6.9.11

A new Missing Authorization vulnerability has been discovered in the Blog2Social WordPress plugin, which is installed on over 70,000 sites. It is recommended that you update your sites immediately. In order to avoid web site crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service.

Blog2Social Plugin <= 6.9.11 - Missing Authorization vulnerability
Plugin slug: blog2social
Update to version: 6.9.12

The bug makes it possible for authenticated attackers with minimal permissions, for example subscribers, to change the plugin’s settings.


What Is Cross-Site Request Forgery (CSRF)

Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to trick a user into performing an action they did not intend. This lets attackers partially bypass the same-origin policy, which is designed to prevent different websites from interfering with each other. A successful CSRF attack forces the victim user to perform an unintended action: for example, changing their account email address, changing their password, or sending money. Depending on the nature of the action, the attacker could gain complete control of the user's account. If the...


WordPress Core 6.0.3 Security Release

On October 17, 2022, the WordPress core team released WordPress version 6.0.3, which contains patches for a total of 16 vulnerabilities, including SQL injection, stored XSS, open redirect, data exposure and cross-site request forgery vulnerabilities. The good news is that most of these are low in severity or require a highly privileged user account or additional vulnerable code in order to be exploited. Still, because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that in order to avoid web site...


What Is Open Redirect Vulnerability

An open redirect vulnerability occurs when an application lets user-supplied input control the destination of a redirect. If the application fails to validate that untrusted input, an attacker can supply a URL that sends an unsuspecting victim from a legitimate domain to the attacker's phishing site. Attackers exploit open redirects to make phishing attacks more credible: most users check that the initial domain is legitimate and trusted, but are unaware of the subsequent redirect to the phishing site. Although this vulnerability does not necessarily affect the legitimate application directly, it can adversely affect the...


WordPress Will Drop Security Updates for Versions >= 3.7 and <= 4.0 by December, 2022

Why?

Web sites running the older WordPress 3.7 – 4.0 releases form a very low percentage of all WordPress installations, but backporting all security updates to older versions of WordPress takes a substantial amount of time, and this must be done for each new major version released. The decision on which versions to drop support for is based on each version's percentage of the web sites reported on the WordPress usage statistics page.

The Decision

The WordPress Security Team is going to cease providing updates for WordPress versions 3.7 to 4.0 as of December 1, 2022. The "bad news" is that WordPress offers...


Zero-Day Vulnerability in WPGateway <= 3.5

The WPGateway plugin is a premium plugin tied to the WPGateway cloud service, which offers its users a way to set up and manage WordPress sites from a single dashboard. Part of the plugin's functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator account. More details are coming. We have a solution for this vulnerability, and you can order our PRO Maintenance Plan to secure your website.


WordPress Core 6.0.2 Security and Maintenance Release

On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities: a High Severity SQLi vulnerability in the Links functionality and two Medium Severity Cross-Site Scripting vulnerabilities. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that in order to avoid web site crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service.

WordPress <= 6.0.1 - Authenticated...


Critical Vulnerability Patched in Ninja Forms WordPress Plugin <= 3.6.10

Information recently surfaced on the web about two code injection vulnerabilities that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserializes user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present. It is recommended that you update your sites immediately. In order to avoid web site crashes and to ensure timely security updates, it is best to use our WordPress Maintenance...

