ZDNet: Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

ZDNet: Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins. “A US-based cyber-security firm has published details about two zero-days that impact two of Facebook’s official WordPress plugins. The details also include proof-of-concept (PoC) code that allows hackers to craft exploits and launch attacks against sites using the two plugins.”

CBR: Three Slack Plugins for WordPress All Suffer Serious Security Flaw

CBR: Three Slack Plugins for WordPress All Suffer Serious Security Flaw. “Industrious French security researcher Robert Baptiste, aka ‘Elliot Alderson’ says he has discovered security flaws in three different WordPress plugins for enterprise collaboration platform Slack. If abused, attackers could gain access to the Slack API and pull information off a team’s Slack channels, create or archive channels, invite users, and even if they felt inclined, make posts themselves.”

Ars Technica: Hackers actively exploit WordPress plugin flaw to send visitors to bad sites

Ars Technica: Hackers actively exploit WordPress plugin flaw to send visitors to bad sites. “Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.”

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users. “Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.”

Search Engine Journal: WP Google Maps Plugin Vulnerable to SQL Injection Exploit

Search Engine Journal: WP Google Maps Plugin Vulnerable to SQL Injection Exploit. “A high priority update was issued by WP Google Maps WordPress plugin to fix a vulnerability. The plugin could allow a malicious hacker to take control of a website. It is highly recommended that users of this plugin update to the latest version. Failure to do so may expose your site to a SQL Injection attack.”

ZDNet: WordPress plugin flaw lets you take over entire sites

ZDNet: WordPress plugin flaw lets you take over entire sites. The WordPress plugin security revelations seem to be coming thick and fast lately, don’t they? “WordPress site owners who are using the Simple Social Buttons plugin to support social media sharing features should update the plugin as soon as possible to plug a security hole that can be exploited to take over sites.”