
WordPress updates


41 replies to this topic

#1 AplusWebMaster

  • SWI Friend
  • 9,129 posts

Posted 18 June 2010 - 06:31 AM

FYI...

WordPress v3.0 released
- http://wordpress.org/download/
"The latest stable release of WordPress (Version 3.0) is available..."

- http://wordpress.org...opment/2010/06/
June 17, 2010 - "... 1,217 bug fixes and feature enhancements..."

- http://www.h-online....rt-1025027.html
18 June 2010
___

WordPress Simple:Press Plugin ...
- http://secunia.com/advisories/40496/
Release Date: 2010-07-05
Solution: Update to version 4.3.1.
http://mantis.simple...php?filter=2284

- http://secunia.com/advisories/40446/
Release Date: 2010-07-05
Solution Status: Unpatched...
Solution: Edit the source code to ensure that input is properly sanitised...

WordPress WP-UserOnline Plugin ...
- http://secunia.com/advisories/40493/
Release Date: 2010-07-05
Solution: Update to version 2.70 or later...
http://scribu.net/wo...ne/wu-2-70.html
... Current version: 2.73

:ph34r:

Edited by apluswebmaster, 05 July 2010 - 01:51 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 30 July 2010 - 01:42 PM

FYI...

WordPress v3.0.1 released
- http://wordpress.org/download/
"The latest stable release of WordPress (Version 3.0.1) is available..."

- http://wordpress.org/news/2010/07/
July 29, 2010 - "... This maintenance release addresses about -50- minor issues..."

:!:



#3 AplusWebMaster


Posted 02 December 2010 - 07:40 AM

FYI...

WordPress v3.0.2 released
- http://wordpress.org/download/
"The latest stable release of WordPress (Version 3.0.2) is available..."

- http://wordpress.org...ordpress-3-0-2/
November 30, 2010 - "... mandatory security update for all previous WordPress versions..."

WordPress SQL Injection Vuln
- http://secunia.com/advisories/42431/
Release Date: 2010-12-01
Solution: Update to version 3.0.2.

- http://www.securityt....com/id?1024809
Dec 1 2010

- http://www.us-cert.g...s_wordpress_3_0
December 2, 2010

Over 500,000 Windows Live Spaces blogs migrated to WordPress.com
- http://windowsteambl...dpress-com.aspx
29 November 2010 - "... nearly 1 million new people now blogging on WordPress... those of you who haven’t gotten around to it yet, we want to remind you that you’ll need to do so before March 2011..."

:ph34r: :!:

Edited by AplusWebMaster, 03 December 2010 - 05:05 AM.



#4 AplusWebMaster


Posted 08 December 2010 - 03:53 PM

FYI...

WordPress v3.0.3 released
- http://wordpress.org/download/
December 8, 2010 - "The latest stable release of WordPress (Version 3.0.3) is available..."

- http://wordpress.org...ordpress-3-0-3/
"...security update for all previous WordPress versions. This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts. These issues only affect sites that have remote publishing enabled. Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen..."

- http://www.securityt....com/id?1024842
Dec 9 2010

:!:

Edited by AplusWebMaster, 09 December 2010 - 11:30 AM.



#5 AplusWebMaster


Posted 30 December 2010 - 12:43 PM

FYI...

WordPress v3.0.4 released
- http://wordpress.org/download/
December 29, 2010

- http://wordpress.org...2/3-0-4-update/
"Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download... it fixes a core security bug in our HTML sanitation library... rate this release as “critical”..."

- http://core.trac.wor...72/branches/3.0

- http://www.securityt....com/id?1024928
Dec 29 2010

:ph34r:

Edited by AplusWebMaster, 30 December 2010 - 01:48 PM.



#6 AplusWebMaster


Posted 08 February 2011 - 05:46 PM

FYI...

WordPress v3.0.5 released
- http://wordpress.org/download/
"The latest stable release of WordPress (Version 3.0.5) is available..."

- http://wordpress.org...ordpress-3-0-5/
February 7, 2011

- http://www.securityt....com/id/1025029
Feb 8 2011

- http://secunia.com/advisories/43238/
Release Date: 2011-02-09
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote...
Solution: Update to version 3.0.5.

:ph34r:

Edited by AplusWebMaster, 09 February 2011 - 10:20 AM.



#7 AplusWebMaster


Posted 16 March 2011 - 11:12 PM

FYI...

WordPress v3.1...
- http://wordpress.org...11/02/threeone/
"... fourteenth release of WordPress is now available... Version 3.1 is available for download*, or you can update from within your dashboard..."

* http://wordpress.org/download/

- http://codex.wordpre...g/Changelog/3.1

- http://web.nvd.nist....d=CVE-2011-0701
Last revised: 03/15/2011

:ph34r:



#8 AplusWebMaster


Posted 06 April 2011 - 05:57 AM

FYI...

WordPress v3.1.1 released
- http://wordpress.org/download/
April 5, 2011 - "The latest stable release of WordPress (Version 3.1.1) is available..."

- http://wordpress.org...ordpress-3-1-1/
April 5, 2011 - "... This maintenance and security release fixes almost thirty issues* in 3.1... We suggest you update to 3.1.1 promptly. Download 3.1.1 or update automatically from the Dashboard > Updates menu in your site’s admin area."

* http://core.trac.wor...&order=priority
___

- http://www.securityt....com/id/1025299
Apr 6 2011

- http://secunia.com/advisories/44038/
Release Date: 2011-04-07
Criticality level: Moderately critical
Impact: Cross Site Scripting, DoS
Where: From remote...
Solution: Update to version 3.1.1.
Original Advisory: WordPress:
http://wordpress.org...ordpress-3-1-1/

:!:

Edited by AplusWebMaster, 07 April 2011 - 07:04 AM.



#9 AplusWebMaster


Posted 26 April 2011 - 08:31 PM

FYI...

WordPress v3.1.2 released
- http://wordpress.org/download/
April 26, 2011 - The latest stable release of WordPress (Version 3.1.2) is available... To download WordPress 3.1.2, update automatically from the Dashboard > Updates menu in your site's admin area or visit
http://wordpress.org...elease-archive/

- http://wordpress.org...ordpress-3-1-2/
WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts...

- http://codex.wordpre...g/Version_3.1.2

- http://core.trac.wor...&order=priority

- http://secunia.com/advisories/44372/
Release Date: 2011-04-27
Impact: Security Bypass
Where: From remote
Solution: Update to version 3.1.2.

:ph34r:

Edited by AplusWebMaster, 27 April 2011 - 08:09 AM.



#10 AplusWebMaster


Posted 19 May 2011 - 12:52 PM

FYI...

WordPress for iOS v2.8 released
- http://ios.wordpress...vailable-today/
18 May 11

- http://translate.wor...rojects/ios/dev

- http://ios.trac.word...n&milestone=2.8

- http://itunes.apple....d335703880?mt=8
"... app is designed for both iPhone and iPad."

.



#11 AplusWebMaster


Posted 26 May 2011 - 12:51 PM

FYI...

WordPress v3.1.3 released
- http://wordpress.org/download/
May 25, 2011 - "The latest stable release of WordPress (Version 3.1.3) is available..."

- http://www.securityt....com/id/1025571
May 26 2011 - "... prior to 3.1.3"

- http://secunia.com/advisories/44409/
Last Update: 2011-05-27
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of system information, System access
Where: From remote
Solution: Update to version 3.1.3...

- http://wordpress.org...ordpress-3-1-3/
"WordPress 3.1.3 is available now and is a security update for all previous versions..."

- http://codex.wordpre...g/Version_3.1.3
"... To download WordPress 3.1.3, update automatically from the Dashboard > Updates menu in your site's admin area..."

- http://core.trac.wor...&order=priority

:ph34r: :!:

Edited by AplusWebMaster, 30 May 2011 - 03:59 PM.



#12 AplusWebMaster


Posted 23 June 2011 - 10:31 AM

FYI...

WordPress WPtouch Plugin - Backdoor Security Issue
- http://secunia.com/advisories/45005/
Release Date: 2011-06-23
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
... compromised source files were distributed on June 21st, 2011 and possibly prior.
Solution: Update to version 1.9.29.
Original Advisory: http://wordpress.org...asswords-reset/

WordPress W3 Total Cache Plugin - Backdoor Security Issue
- http://secunia.com/advisories/45021/
Release Date: 2011-06-23
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
... compromised source files were distributed on June 21st, 2011 and possibly prior.
Solution: Manually install version 0.9.2.3 downloaded after June 21st, 2011.
Original Advisory: http://wordpress.org...asswords-reset/

WordPress AddThis Plugin - Backdoor Security Issue
- http://secunia.com/advisories/45027/
Release Date: 2011-06-23
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
... compromised source files were distributed on June 21st, 2011 and possibly prior.
Solution: Manually install version 2.2.0 downloaded after June 21st, 2011.
Original Advisory: http://wordpress.org...asswords-reset/
___

>> http://nakedsecurity...-spotted-fixed/
June 22, 2011

:!: :ph34r: :!:

Edited by AplusWebMaster, 24 June 2011 - 07:23 AM.



#13 AplusWebMaster


Posted 30 June 2011 - 08:15 AM

FYI...

WordPress v3.1.4 released
- http://wordpress.org/download/
June 29, 2011 - "The latest stable release of WordPress (Version 3.1.4) is available..."

- http://wordpress.org...ordpress-3-1-4/
June 29, 2011 - "WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site..."

- http://codex.wordpre...g/Version_3.1.4
___

- http://www.securityt....com/id/1025737
Jun 30 2011
... prior to 3.1.4...

:ph34r: :!:

Edited by AplusWebMaster, 01 July 2011 - 07:22 AM.



#14 AplusWebMaster


Posted 05 July 2011 - 01:57 PM

FYI...

WordPress v3.2 released
- http://wordpress.org/download/
July 4, 2011 - "The latest stable release of WordPress (Version 3.2) is available..."

- http://wordpress.org...11/07/gershwin/
"... The focus for this release was making WordPress faster and lighter... refreshed dashboard design that tightens the typography, design, and code behind the admin... Under the hood there have been a number of improvements, not the least of which is the streamlining enabled by our previously announced plan of retiring support for PHP4, older versions of MySQL, and legacy browsers like IE6, which allows us to take advantage of more features enabled by new technologies..."

:!:



#15 AplusWebMaster


Posted 04 August 2011 - 07:51 AM

FYI...

WordPress add-on application vulnerability

TimThumb v1.34 released
- http://secunia.com/advisories/45416/
Last Update: 2011-08-04
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... The weakness is reported in versions prior to 1.34.
Solution: Update to version 1.34...

> http://www.binarymoo...jects/timthumb/
TimThumb PHP Image Resizer - "... use across the WordPress world..."
___

- https://www.us-cert....s_vulnerability
August 3, 2011

- http://blog.sucuri.n...cluding-it.html
August 3, 2011

:ph34r:

Edited by AplusWebMaster, 08 August 2011 - 06:07 PM.



#16 AplusWebMaster


Posted 03 November 2011 - 04:50 PM

This is a "bump", because of this:

> https://blog.avast.c...to-a-blackhole/
October 31st, 2011 - "... The bad guys are using a security vulnerability in non-updated TimThumb. This allows attackers to upload and execute arbitrary PHP code in the TimThumb cache directory which will download other malicious files. But this is not the only way for example they use stolen passwords to direct FTP changes..."

- http://h-online.com/-1370897
3 November 2011 - "... criminals are exploiting a critical hole in the TimThumb WordPress add-on to deploy malicious code on a large scale. Avast says that it blocked more than 2,500 infected sites in September and anticipates a similar number in October. The attackers install the professional BlackHole exploit framework on the affected servers. The framework then tries to infect visitors to the WordPress blog with malicious code by trying out various vulnerabilities in the visitor's browser and installed plug-ins..."

- http://blog.sucuri.n...ath-part-i.html
October 28, 2011
You can check your site for -FREE- here: http://sitecheck.sucuri.net/scanner/
___

TimThumb v1.34 released
- http://secunia.com/advisories/45416/
Last Update: 2011-08-04
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... The weakness is reported in versions prior to 1.34.
Solution: Update to version 1.34...

> https://www.us-cert....s_vulnerability
August 3, 2011

:!: :ph34r:

Edited by AplusWebMaster, 03 November 2011 - 05:22 PM.



#17 AplusWebMaster


Posted 14 December 2011 - 12:19 AM

FYI...

WordPress v3.3 released
- https://wordpress.org/download/
December 12, 2011 Stable Download - "The latest stable release of WordPress (Version 3.3) is available ..."

- https://wordpress.or.../2011/12/sonny/

Changelog/3.3
- https://codex.wordpr...g/Changelog/3.3

- https://codex.wordpr...org/Version_3.3

:!:



#18 AplusWebMaster


Posted 29 December 2011 - 12:41 PM

FYI...

WordPress Connections plugin vuln - updates available
- https://secunia.com/advisories/47390/
Release Date: 2011-12-29
Criticality level: Moderately critical
Impact: Unknown
Where: From remote...
Solution... see: Connections Changelog:
http://wordpress.org...ions/changelog/
Latest: 0.7.2.2 - 12/25/11
0.7.1.6 - 06/15/2011 > Fixes security vulnerability
Requires: 3.2 or higher
Compatible up to: 3.3
Last Updated: 2011-12-26

:!:

Edited by AplusWebMaster, 29 December 2011 - 12:42 PM.



#19 AplusWebMaster


Posted 04 January 2012 - 02:21 PM

FYI...

WordPress v3.3.1 released
- https://wordpress.org/download/
January 3, 2012 - "The latest stable release of WordPress (Version 3.3.1) is available..."

WordPress 3.3.1 Security and Maintenance Release
- https://wordpress.or...ordpress-3-3-1/
January 3, 2012 - "This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3..."

- https://core.trac.wo...&order=priority
___

- http://h-online.com/-1403297
4 January 2012
___

- http://www.securityt....com/id/1026542
CVE Reference: CVE-2012-0287
Date: Jan 19 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 3.3
Solution: The vendor has issued a fix (3.3.1)...

:!: :ph34r:

Edited by AplusWebMaster, 23 January 2012 - 09:20 AM.



#20 AplusWebMaster


Posted 21 April 2012 - 10:48 AM

FYI...

WordPress v3.3.2 released
- https://wordpress.org/download/
April 20, 2012 - "The latest stable release of WordPress (Version 3.3.2) is available..."

- https://wordpress.or...ordpress-3-3-2/
"WordPress 3.3.2 is available now and is a security update for -all- previous versions. Three external libraries included in WordPress received security updates:
> Plupload (version 1.5.4), which WordPress uses for uploading media.
> SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
> SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes...
... also addresses:
> Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances...
> Cross-site scripting vulnerability when making URLs clickable...
> Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs...
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2..."

Changelog:
- https://core.trac.wo...&stop_rev=20087
___

- http://web.nvd.nist....d=CVE-2012-2399 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2400 - 10.0 (HIGH)
- http://web.nvd.nist....d=CVE-2012-2401 - 5.0
- http://web.nvd.nist....d=CVE-2012-2402 - 5.5
- http://web.nvd.nist....d=CVE-2012-2403 - 4.3
- http://web.nvd.nist....d=CVE-2012-2404 - 4.3
Last revised: 04/23/2012 - "... WordPress before 3.3.2..."

- http://h-online.com/-1545416
23 April 2012

- https://secunia.com/advisories/48957/
Release Date: 2012-04-23
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting
Where: From remote
... vulnerabilities are reported in versions prior to 3.3.2.
Solution: Update to version 3.3.2.

:!: :!:

Edited by AplusWebMaster, 23 April 2012 - 01:52 PM.



#21 AplusWebMaster


Posted 14 June 2012 - 09:48 AM

FYI...

WordPress v3.4 released
- https://wordpress.org/download/
June 13, 2012 - "The latest stable release of WordPress (Version 3.4) is available..."

- https://wordpress.or.../2012/06/green/

- https://codex.wordpr...org/Version_3.4

:!: :ph34r:



#22 AplusWebMaster


Posted 28 June 2012 - 10:21 AM

FYI...

WordPress v3.4.1 released
- http://wordpress.org/download/
June 27, 2012 - "The latest stable release of WordPress (Version 3.4.1) is available..."

WordPress 3.4.1 Maintenance and Security Release
- https://wordpress.or...ordpress-3-4-1/
"... This maintenance release addresses 18 bugs with version 3.4... also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as an bug that affects multisite installs with untrusted users..."
___

- https://secunia.com/advisories/49726/
Release Date: 2012-06-28
Impact: Security Bypass, Exposure of sensitive information
Where: From remote...
Solution: Update to version 3.4.1.
Original Advisory: http://wordpress.org...ordpress-3-4-1/

- http://h-online.com/-1628769
29 June 2012

:!: :ph34r:

Edited by AplusWebMaster, 29 June 2012 - 08:58 AM.



#23 AplusWebMaster


Posted 24 July 2012 - 11:43 AM

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 415 Secunia Security Advisories ...
Aug 31, 2012

- http://nakedsecurity...malware-attack/
"... ensure that any software you run on your web server is also properly secured, and kept patched and current (that includes blogging software like WordPress and any plugins that it might use)."

:( :ph34r: :ph34r:

Edited by AplusWebMaster, 31 August 2012 - 12:00 PM.



#24 AplusWebMaster


Posted 06 August 2012 - 07:29 AM

FYI...

WordPress - timthumb Plugin vuln ...
- https://secunia.com/advisories/50161/
Release Date: 2012-08-06
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerability is reported in versions prior to 1.5.
Solution: Update to version 1.5.
Original Advisory:
http://wordpress.org...nail/changelog/
http://plugins.trac....-with-thumbnail

:!: :ph34r:

Edited by AplusWebMaster, 06 August 2012 - 05:34 PM.



#25 AplusWebMaster


Posted 07 September 2012 - 08:04 AM

FYI...

WordPress v3.4.2 released
- http://wordpress.org/download/
September 6, 2012 - "The latest stable release of WordPress (Version 3.4.2) is available..."

WordPress 3.4.2 Maintenance and Security Release
- https://wordpress.or...ordpress-3-4-2/
September 6, 2012 - "WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions... we’ve identified and fixed a number of nagging bugs, including:
• Fix some issues with older browsers in the administration area.
• Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
• Improve plugin compatibility with the visual editor.
• Address pagination problems with some category permalink structures.
• Avoid errors with both oEmbed providers and trackbacks.
• Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening..."

- https://secunia.com/advisories/50515/
Release Date: 2012-09-07
Impact: Unknown, Security Bypass
Where: From remote
... security issue and vulnerability are reported in versions prior to 3.4.2.
Solution: Update to version 3.4.2.
Original Advisory: http://wordpress.org...ordpress-3-4-2/

- http://h-online.com/-1702501
7 Sep 2012
___

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 432 Secunia Security Advisories ...
Oct 15, 2012

:ph34r: :ph34r:

Edited by AplusWebMaster, 15 October 2012 - 04:18 PM.



#26 AplusWebMaster


Posted 26 October 2012 - 03:57 AM

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 454 Secunia Security Advisories ...
Nov 12, 2012

:!:

Edited by AplusWebMaster, 12 November 2012 - 08:31 PM.



#27 AplusWebMaster


Posted 27 November 2012 - 09:48 AM

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 464 Secunia Security Advisories ...
Nov 27, 2012

>> http://piwik.org/blo...-2012-nov-26th/
Updated: Nov 27, 2012 - "... The website Piwik.org is running WordPress and got compromised, because of a security issue in a WordPress plugin... compromised by an attacker on 2012 Nov 26th, this attacker added a malicious code in the Piwik 1.9.2 Zip file... You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC. If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe..."

___

- http://h-online.com/-1757246
27 Nov 2012

:!: :ph34r:

Edited by AplusWebMaster, 27 November 2012 - 05:25 PM.



#28 AplusWebMaster


Posted 02 January 2013 - 11:32 AM

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: -482- Secunia Security Advisories ...
Jan 11, 2013
___

WordPress v3.5 ...
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 3.5) is available..."

- https://wordpress.or.../2012/12/elvin/
Dec 11, 2012

:!:


Edited by AplusWebMaster, 11 January 2013 - 04:13 PM.



#29 AplusWebMaster


Posted 25 January 2013 - 09:41 AM

FYI...

WordPress v3.5.1 released
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 3.5.1) is available..."

- https://wordpress.or...ordpress-3-5-1/
Jan 24, 2013 - "... first maintenance release of 3.5, fixing 37 bugs... a security release for all previous WordPress versions..."

- https://secunia.com/advisories/51967/
Release Date: 2013-01-25
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote  
... vulnerabilities are reported in versions prior to 3.5.1.
Solution: Update to version 3.5.1.
- http://www.securityt....com/id/1028045
Jan 25 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.5.1 ...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found -530- Secunia Security Advisories ...
March 14, 2013
___

- http://h-online.com/-1791820
25 Jan 2013
- http://www.h-online....4c597dc045.jpeg

:ph34r: :ph34r:


Edited by AplusWebMaster, 14 March 2013 - 09:57 AM.



#30 AplusWebMaster


Posted 23 June 2013 - 09:57 AM

FYI...

WordPress v3.5.2 released
- https://wordpress.org/download/
June 21, 2013 - "The latest stable release of WordPress (Version 3.5.2) is available..."

- https://wordpress.org/news/
June 21, 2013 - "... This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening... Download WordPress 3.5.2 or update now from the Dashboard..."
- https://wordpress.or...ordpress-3-5-2/

Release notes
- https://codex.wordpr...g/Version_3.5.2
CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found -606- Secunia Security Advisories ...
June 21, 2013
___

- http://www.securityt....com/id/1028700
CVE Reference: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
Jun 25 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.5.2 ...

- http://h-online.com/-1895188
24 June 2013
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 25 June 2013 - 04:02 PM.



#31 AplusWebMaster


Posted 02 August 2013 - 04:04 PM

FYI...

WordPress v3.6 released
- https://wordpress.org/download/
August 1, 2013 - "The latest stable release of WordPress (Version 3.6) is available..."

- https://wordpress.or.../2013/08/oscar/
"... WordPress, version 3.6, is now live to the world and includes a beautiful new blog-centric theme, bullet-proof autosave and post locking, a revamped revision browser, native support for audio and video embeds, and improved integrations with Spotify, Rdio, and SoundCloud..."

Release Post
- https://codex.wordpr...org/Version_3.6

Changelog
- https://codex.wordpr...g/Changelog/3.6
 

:blink:




#32 AplusWebMaster


Posted 12 September 2013 - 12:48 PM

FYI...

WordPress v3.6.1 released
- https://wordpress.org/download/
Sep 11, 2013 - "The latest stable release of WordPress (Version 3.6.1) is available..."

- http://www.securityt....com/id/1029025
Sep 11 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.6.1 ...
Solution: The vendor has issued a fix (3.6.1).
The vendor's advisory is available at:
- http://codex.wordpre...g/Version_3.6.1
... "Summary: From the announcement post*, this maintenance release addresses 13 bugs with version 3.6... Additionally: Version 3.6.1 fixes three security issues..."
* http://wordpress.org...ordpress-3-6-1/

- https://secunia.com/advisories/54803/
Release Date: 2013-09-13
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Spoofing, System access
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2013-4338 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-4339 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-4340 - 3.5
... weakness, security issue, and vulnerability are reported in versions prior to 3.6.1.
Solution: Update to version 3.6.1...
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 13 September 2013 - 04:32 PM.



#33 AplusWebMaster


Posted 25 October 2013 - 01:51 PM

FYI...

WordPress 3.7 released
- https://wordpress.org/download/
Oct 24, 2013 - "The latest stable release of WordPress (Version 3.7) is available..."

- http://wordpress.org.../2013/10/basie/

- https://codex.wordpr...org/Version_3.7

- https://codex.wordpr...g/Changelog/3.7

- http://core.trac.wor...d&milestone=3.7
Results... 438
___

- http://nakedsecurity...hile-you-sleep/
Oct 26, 2013 - "... it will automatically update itself with the latest maintenance and security releases... researchers believe that as many as 73% of the WordPress sites out there are vulnerable to attack purely because they aren't running the latest version... The automatic updater also supports themes and plugins - the software skins and add-ons that allow users to customise their WordPress websites..."
> http://nakedsecurity...able-to-attack/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 29 October 2013 - 04:15 AM.



#34 AplusWebMaster


Posted 30 October 2013 - 01:30 PM

FYI...

WordPress 3.7.1 - Maintenance Release
- https://wordpress.or...ordpress-3-7-1/
Oct 29, 2013 - "WordPress 3.7.1 is now available. This maintenance release addresses 11 bugs in WordPress 3.7 ..."

Changelog
- http://core.trac.wor...25914&rev=25986

- http://core.trac.wor...milestone=3.7.1
 

:ph34r: :ph34r:  :!:




#35 AplusWebMaster


Posted 12 December 2013 - 04:04 PM

FYI...

WordPress v3.8 released
- http://wordpress.org/download/
Dec 12, 2013 - "The latest stable release of WordPress (Version 3.8) is available..."

- https://wordpress.or...2013/12/parker/

- http://core.trac.wor...og/branches/3.8

- http://core.trac.wor...y?milestone=3.8
 

:ph34r: :ph34r:




#36 AplusWebMaster


Posted 07 January 2014 - 09:43 AM

FYI...

WordPress Button Generator - Authentication Bypass vuln
- https://secunia.com/advisories/56272/
Release Date: 2014-01-07
Where: From remote
Impact: Security Bypass
CVE Reference: No CVE references.
... vulnerability is reported in versions prior to 1.20.0.
Solution: Update to version 1.20.0.
Original Advisory: http://wordpress.org...tons/changelog/
Last Updated: 2014-1-7

- http://wordpress.org/plugins/
___

- https://secunia.com/...ordPress Plugin
Found: 684 Secunia Security Advisories...
 

:ph34r: :ph34r:




#37 AplusWebMaster


Posted 24 January 2014 - 02:54 PM

FYI...

WordPress 3.8.1 released
- http://wordpress.org/download/
Jan 23, 2014 - "The latest stable release of WordPress (Version 3.8.1) is available..."

- https://wordpress.org/news/
"... addresses -31- bugs in 3.8, including various fixes and improvements for the new dashboard design and new themes admin screen. An issue with taxonomy queries in WP_Query was resolved..."

ChangeLog
- https://core.trac.wo...&stop_rev=26862

Codex
- http://codex.wordpress.org/Embeds

Summary
- http://make.wordpres...ease-candidate/
 

:ph34r:




#38 AplusWebMaster


Posted 10 April 2014 - 01:33 PM

FYI...

WordPress 3.8.2 released
- https://secunia.com/advisories/57769/
Release Date: 2014-04-10
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
...  vulnerabilities are reported in versions prior to 3.8.2.
Solution: Update to version 3.8.2.
Original Advisory:
- http://wordpress.org...ordpress-3-8-2/
April 8, 2014 - "WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies... This release also fixes nine bugs and contains three other security hardening changes..."

- http://wordpress.org/download/

Changelog
- https://core.trac.wo...wser/?rev=28060
___

- http://www.securityt....com/id/1030071
CVE Reference:   
- https://web.nvd.nist...d=CVE-2014-0165 - 4.0
- https://web.nvd.nist...d=CVE-2014-0166 - 6.4 (HIGH)
Apr 11 2014
Impact: Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to versions 3.7.2 and 3.8.2 ...
Solution: The vendor has issued a fix (3.7.2, 3.8.2)...
- http://wordpress.org...ordpress-3-8-2/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 12 April 2014 - 12:27 AM.



#39 AplusWebMaster


Posted 16 April 2014 - 02:57 PM

FYI...

WordPress 3.9 released
- https://wordpress.org/download/
Apr 16, 2014 - "The latest stable release of WordPress (Version 3.9) is available..."

- https://wordpress.or.../2014/04/smith/
"... available for download or update in your WordPress dashboard. This release features a number of refinements..."

- https://core.trac.wo...rowser/tags/3.9
 

:!:




#40 AplusWebMaster


Posted 09 May 2014 - 01:37 PM

FYI...

WordPress 3.9.1 released
- https://wordpress.org/download/
May 8, 2014 - "The latest stable release of WordPress (Version 3.9.1) is available..."

- https://wordpress.or...ordpress-3-9-1/
"... This maintenance release fixes -34- bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor. We’ve also made some improvements to the new audio/video playlists feature and made some adjustments to improve performance..."
 

:ph34r: :ph34r:




#41 AplusWebMaster


Posted 07 August 2014 - 04:18 AM

FYI...

WordPress 3.9.2 released
- https://wordpress.org/download/
Aug 6, 2014 - "The latest stable release of WordPress (Version 3.9.2) ..."

- http://wordpress.org...ordpress-3-9-2/
Aug 6, 2014 - "WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately..."

Release notes
- http://codex.wordpre...g/Version_3.9.2

- https://core.trac.wo...29383&rev=29411
___

- http://www.securityt....com/id/1030684
Aug 7 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.9.2 ...

- http://atlas.arbor.n...index#918586250
Elevated Severity
7 Aug 2014
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 August 2014 - 02:08 PM.



#42 AplusWebMaster


Posted 04 September 2014 - 02:39 PM

FYI...

WordPress 4.0 released
- https://wordpress.org/download/
Sep 4, 2014 - "The latest stable release of WordPress (Version 4.0) is available..."

Release notes
- http://codex.wordpress.org/Version_4.0

Changelog
- http://codex.wordpre...g/Changelog/4.0
 

:ph34r:






