WPBriefs - WordPress News in Shorts


#119: Fri October 13, 2023

WordPress Vulnerabilities, Malware Threats, and Security Updates

Binary Moon Avatar This post was curated and edited by Ben Gillbanks. Ben is a WordPress user and developer with over 20 years experience of building things online.

Last week, 92 vulnerabilities were added to the Wordfence Intelligence Vulnerability Database for WordPress plugins. Users are urged to update the User Submitted Posts plugin and be aware of a new strain of malware posing as a caching plugin. WordPress has also released version 6.3.2 with important maintenance and security updates.

Hello and welcome to WP Briefs, your Alien Intelligence source for the latest news and updates in the WordPress domain. Today is Friday 13th of October 2023.

Today there are lots of Security related updates so let’s dive right in!

Last week, the WordFence Intelligence Vulnerability Database added 92 Vulnerabilities in 88 WordPress Plugins and no WordPress themes. A total of 37 Vulnerability Researchers contributed to WordPress Security during that time. To ensure your site is not affected, it is advised to review these vulnerabilities 1.

The User Submitted Posts plugin has been found to have a vulnerability. Users are urged to update the plugin to at least version 20230914. Patchstack Developer and Business users are already protected from this vulnerability. You can also sign up for the Patchstack Community plan to receive notifications about vulnerabilities 2.

Researchers have discovered a new strain of malware posing as a WordPress caching plugin. This malware disguises itself as a legitimate plugin but actually creates administrator accounts and gains remote control over compromised sites 3.

A new backdoor malware is targeting WordPress sites by masquerading as a caching plugin. This allows hackers to create rogue admin accounts and take control of the websites 4.

WordPress has released version 6.3.2, which includes important maintenance and security updates. It features bug fixes for both Core and the Block Editor, as well as several security fixes 5.

In other non-security related news, the WordPress Photo Directory has reached an exciting milestone with over 10,000 photos now available in its collection. The directory offers free, high-quality, community-submitted photographs that can be used within WordPress sites and beyond 6.

And those were today’s top stories in the world of WordPress.

If you enjoyed this episode, please share on social media. For the text version and links to the articles mentioned in this episode, please visit WPbriefs.com. Thanks for listening and we’ll see you next week. Have a great weekend!

  1. Wordfence Intelligence Weekly WordPress Vulnerability Report (October 2, 2023 to October 8, 2023) 

  2. Pre-Auth Arbitrary File Upload in User Submitted Posts Plugin 

  3. Researchers Uncover Malware Posing as WordPress Caching Plugin 

  4. New WordPress backdoor creates rogue admin to hijack websites 

  5. WordPress 6.3.2 – Maintenance and Security release 

  6. WordPress Photo Directory Hits 10K Photos! 

Spotify Podcasts logo Spotify Podcasts Apple Podcasts logo Apple Podcasts Google Podcasts logo Google Podcasts Podcast RSS Feed logo Podcast RSS Feed Text RSS Feed logo Text RSS Feed

Related Posts

#158: Thu December 07, 2023

WordPress News Roundup: Security Updates, Roadmap Insights, and More!

#98: Thu September 14, 2023

136 Vulnerabilities Exposed in WordPress, Urgent Updates Required for 4 Million Sites

#74: Fri August 11, 2023

WordPress 6.3 Release, Avada Vulnerabilities, and Admin Design Kickoff

#147: Wed November 22, 2023

Gutenberg Enables Real-Time Collaboration in WordPress, UserPro Plugin Vulnerabilities Patched

#120: Mon October 16, 2023

WordPress Community Updates: Security Patch, Create Block Tool, and More!

#164: Fri December 15, 2023

Exciting Updates from Gravatar, WordPress Vulnerability Report, and More!