ZDNet: Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

“A US-based cyber-security firm has published details about two zero-days that impact two of Facebook’s official WordPress plugins. The details also include proof-of-concept (PoC) code that allows hackers to craft exploits and launch attacks against sites using the two plugins.”

CNET: WordPress outage floods premium blogs with images of succulents

“Succulents were front and center Tuesday after a WordPress outage led some sites to revert to default themes. The outage, which occurred on WordPress’ VIP Go platform, caused premium blogs to show 503 errors or go back to WordPress’ default themes. In many cases, sites featured artsy shots of succulents before a fix was issued.”

CBR: Three Slack Plugins for WordPress All Suffer Serious Security Flaw

“Industrious French security researcher Robert Baptiste, aka ‘Elliot Alderson’ says he has discovered security flaws in three different WordPress plugins for enterprise collaboration platform Slack. If abused, attackers could gain access to the Slack API and pull information off a team’s Slack channels, create or archive channels, invite users, and even if they felt inclined, make posts themselves.”

Ars Technica: Hackers actively exploit WordPress plugin flaw to send visitors to bad sites

“Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.”

Ars Technica: A security researcher with a grudge is dropping Web 0days on innocent users

“Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.”

Search Engine Journal: WP Google Maps Plugin Vulnerable to SQL Injection Exploit

“A high priority update was issued by WP Google Maps WordPress plugin to fix a vulnerability. The plugin could allow a malicious hacker to take control of a website. It is highly recommended that users of this plugin update to the latest version. Failure to do so may expose your site to a SQL Injection attack.”