Michael Lazin on 17 Oct 2018 10:13:01 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] vulnerability published for wordfence wordpress plugin yesterday


I shared this with a few of my friends and I thought this might be of interest to the list.:
http://www.waraxe.us/advisory-109.html

Wordfence is an incredibly common security plugin for wordpress.  If you read through the exploits it's not terribly severe but an estimated 2 million wordpress sites are effected.  Basically, if you are running an old wordpress with php 5.4 this opens yet another security hole in your swiss cheese installation because it opens the the possibility of remote file inclusion because of wordfence.  Even if your wordpress and php are up to date they can use another vulnerability in your outdated wordfence to find the version of your wordpress,themes and plugins which make an attack even easier.  Moral of the story:  Wordfence alone won't protect you, always keep your wordpress, your theme and your plugins up to date at all times.  

--
Michael Lazin

to gar auto estin noein te kai ennai
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug