Paying Users?
Paying users of Wordpress? Surely you jest.
A critical flaw has been found in the third-party WordPress NextGEN Gallery plugin that is, according to wordpress.org, actively used by more than a million websites. If you're using this plugin, patch now to version 2.1.79 or greater. If you're a cyber-scamp, well, here's a surefire way to compromise a lot of tardy sites. The …
Unfortunately, no. While the WordPress core may be free, a number of plugins are not, and more often than not the user forgets to renew their licence or support, or the "developer" who built the site has wandered off somewhere, leaving a dangerously insecure plugin in place with no easy update path. Sometimes these plugins are "recommended" by the latest and greatest theme, and thus it's a downward spiral. Revslider was an example from a couple of years back, Gravity Forms being another more recent one. The lack of a core file upload facility, and thus the implementation of this function in every goddamn plugin out there, is the major reason for the crap happening.
Along with lazy plug-in devs who attach unneeded CSS and JS files, leading to WordPress websites that download sometimes 100 or more .css and .js files full of unused code.
Which is why people have to go out and get a faster computer or more RAM just to get a website to function half-pie decently.
But don't get me started. The entire WordPress system is a dog's breakfast.
At the Summer of Pwnage site: https://sumofpwn.nl/advisories.html
Thanks for that - it appears I have none of the vulnerable ones installed.
That said, I deliberately keep WP sites as bare as I can make them - even Themes can be a risk.
I am wondering why I get so many attempts to reach "/integration" - can't seem to find what security problem that is trying to abuse (it's clearly not working if it shows up in the 404 log :) ).