
WordPress Security News

1,000,000 WordPress Web Sites Affected by an Unauthenticated SQL Injection Vulnerability in LayerSlider Plugin 7.9.11 – 7.10.0

The LayerSlider plugin for WordPress (versions between 7.9.11 and 7.10.0) is vulnerable to an unauthenticated SQL injection. It is mandatory to update immediately to the latest patched version of the plugin, which fixes the problem. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service.

LayerSlider Plugin 7.9.11 – 7.10.0 - Unauthenticated SQL Injection
Plugin slug: LayerSlider
Update to version: 7.10.1

The breach can be done through the ls_get_popup_markup action due to insufficient escaping on the user supplied parameter...


Dangerous Bug in WP-Members Membership Plugin – Unauthenticated Stored Cross-Site Scripting Vulnerability <= 3.4.9.2

An Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability has recently been reported in WP-Members Membership, a membership plugin with content restriction and custom registration that is installed on over 60,000 web sites. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service.

WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting vulnerability
Plugin slug: wp-members
Update to version: 3.4.9.3

The vulnerability...


Missing Authorization Vulnerability in Blog2Social Plugin <= 6.9.11

A new vulnerability (Missing Authorization) has been discovered in the Blog2Social WordPress plugin, which is installed on over 70,000 sites. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service.

Blog2Social Plugin <= 6.9.11 - Missing Authorization vulnerability
Plugin slug: blog2social
Update to version: 6.9.12

The bug makes it possible for authenticated attackers that have minimal permissions, for example subscribers, to change the plugin’s settings.


WordPress Core 6.0.3 Security Release

On October 17, 2022, the WordPress core team released WordPress version 6.0.3, which contains patches for a total of 16 vulnerabilities, including SQL injection, stored XSS, open redirect, data exposure and cross-site request forgery vulnerabilities. The good news is that most of these are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. Still, because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that in order to avoid web site...


WordPress Will Drop Security Updates for Versions >= 3.7 and <= 4.0 by December, 2022

Why?

Web sites running the older WordPress versions 3.7 – 4.0 form a very low percentage of all WordPress installations. But backporting all the security updates to older versions of WordPress takes a substantial amount of time; this must be done for each new major version released. The decision on which versions to drop support for is based on each version's percentage of the web sites reported on the WordPress usage statistics page.

The Decision

The WordPress Security Team is going to cease providing updates for WordPress versions 3.7 to 4.0 as of December 1, 2022. The "bad news" is that WordPress offers...


Zero-Day Vulnerability in WPGateway <= 3.5

The WPGateway plugin is a premium plugin tied to the WPGateway cloud service, which offers its users a way to set up and manage WordPress sites from a single dashboard. Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator. More details are coming. We have a solution for this vulnerability and you can order our PRO Maintenance Plan to secure your website!


WordPress Core 6.0.2 Security and Maintenance Release

On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that in order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service.

WordPress <= 6.0.1 - Authenticated...


Critical Vulnerability Patched in Ninja Forms WordPress Plugin <= 3.6.10

Recently, information surfaced on the web about two code injection vulnerabilities that made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserializes user-supplied content, resulting in Object Injection. This could allow attackers to execute arbitrary code or delete arbitrary files on sites where a separate POP chain was present. It is recommended that you update your sites immediately. In order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance...


Cross-Site Scripting Vulnerability in Download Manager Plugin <= 3.2.42

Download Manager is a file and document management plugin to help manage and control file downloads with various file download controls to restrict unauthorized file access. The plugin also provides a complete solution to sell digital products from WordPress sites, including checkout functionality to complete an order. One feature of the plugin is the ability to use a shortcode to embed files and other assets in a page or post. This function was found to be vulnerable to reflected Cross-Site Scripting. Without proper sanitization and escaping in place on user-supplied inputs, JavaScript can...


WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

On March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects versions 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts. Because this is a security release, it is recommended that you update your sites immediately. Note that in order to avoid web site crashes and to assure timely security updates it is best to use our WordPress Maintenance Service.

WordPress < 5.9.2 -...
