The WordPress Vulnerability report is as follows.
WordPress Plugins:
1. WordPress deploys forced security update for dangerous bug in popular plugin
- The forced update contained a security fix for a dangerous SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.
- The plugin provides security enhancements for the WordPress login page. According to its official description, Loginizer can blacklist or whitelist IP addresses from accessing the WordPress login page, can add support for two-factor authentication, or can add simple CAPTCHAs to block automated login attempts, among many other features.
2. Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered
- Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers.
- The threat was significant, and made even more serious due to the fact that over one million sites are running the Loginizer plugin – believing it to be protecting their websites from attack.
3. Vulnerability in WordPress plugin TI WooCommerce Wishlist could allow full site takeover
- A critical vulnerability in a WordPress plugin with more than 70,000 active installations could grant an attacker full administrative access, including the ability to modify and take over a site’s database.
4. WordPress Plug-in Updated in Rare Forced Action
- The security team at WordPress has taken advantage of a powerful, but rarely used, feature in the content management platform to force an update to a popular plug-in across the entire user base. Loginizer, with more than a million installations, was updated after researchers found a critical vulnerability that could have allowed an attacker to take control of a site through SQL injection techniques.
It is crucial to the security of your WordPress site that you have an update routine.
You should be logging into your sites at least once a week to perform updates.