#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

wordpress update | Breaking Cybersecurity News | The Hacker News

Category — wordpress update
Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

Nov 07, 2018
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the unpatched websites. WooCommerce is one the most popular eCommerce plugins for WordPress that helps websites to upgrade their standard blog to a powerful online store. WooCommerce powers nearly 35% of e-stores on the internet, with more than 4 million installations. Exploiting WooCommerce File-Deletion and WordPress Design Flaws The attack demonstrated in the following video takes advantage of the way WordPress handles user privileges and WooCommerce file deletion vulnerability, allowing an account with "Shop Manager" role to eventually reset administrator accounts' pass
WordPress Update Breaks Automatic Update Feature—Apply Manual Update

WordPress Update Breaks Automatic Update Feature—Apply Manual Update

Feb 09, 2018
WordPress administrators are once again in trouble. WordPress version 4.9.3 was released earlier this week with patches for a total 34 vulnerabilities, but unfortunately, the new version broke the automatic update mechanism for millions of WordPress websites. WordPress team has now issued a new maintenance update, WordPress 4.9.4 , to patch this severe bug, which WordPress admins have to install manually. According to security site WordFence , when WordPress CMS tries to determine whether the site needs to install an updated version, if available, a PHP error interrupts the auto-update process. If not updated manually to the latest 4.9.4 version, the bug would leave your website on WordPress 4.9.3 forever, leaving it vulnerable to future security issues. Here's what WordPress lead developer Dion Hulse explained about the bug: "#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human e
How to Get Going with CTEM When You Don't Know Where to Start

How to Get Going with CTEM When You Don't Know Where to Start

Oct 04, 2024Vulnerability Management / Security Posture
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities - before they can be exploited by attackers.  On paper, CTEM sounds great . But where the rubber meets the road – especially for CTEM neophytes - implementing CTEM can seem overwhelming. The process of putting CTEM principles into practice can look prohibitively complex at first. However, with the right tools and a clear understanding of each stage, CTEM can be an effective method for strengthening your organization's security posture.  That's why I've put together a step-by-step guide on which tools to use for which stage. Want to learn more? Read on… Stage 1: Scoping  When you're defin
Expert Insights / Articles Videos
Cybersecurity Resources