Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users. “Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.”

Search Engine Journal: WP Google Maps Plugin Vulnerable to SQL Injection Exploit

Search Engine Journal: WP Google Maps Plugin Vulnerable to SQL Injection Exploit. “A high priority update was issued by WP Google Maps WordPress plugin to fix a vulnerability. The plugin could allow a malicious hacker to take control of a website. It is highly recommended that users of this plugin update to the latest version. Failure to do so may expose your site to a SQL Injection attack.”

ZDNet: WordPress plugin flaw lets you take over entire sites

ZDNet: WordPress plugin flaw lets you take over entire sites. The WordPress plugin security revelations seem to be coming thick and fast lately, don’t they? “WordPress site owners who are using the Simple Social Buttons plugin to support social media sharing features should update the plugin as soon as possible to plug a security hole that can be exploited to take over sites.”

ZDNet: Popular WordPress plugin hacked by angry former employee

ZDNet: Popular WordPress plugin hacked by angry former employee. “A very popular WordPress plugin was hacked over the weekend after a hacker defaced its website and sent a mass message to all its customers revealing the existence of supposed unpatched security holes. In a follow-up mass email, the plugin’s developers blamed the hack on a former employee, who also defaced their website.”