The Plugin Review team has reset the passwords for plugin authors. It appears some recent plugin vulnerabilities may have been the result of password reuse.

Here is another installment in Vladimir Smitka’s series about security and hosting providers. An interesting read.

This updates fixes two cross-site-scripting vulnerabilities and a path traversal issue.

This update includes a fair number of security fixes found as the result of an external security audit. Kudos to the ACF team for having an external audit.

WooCommerce XSS vulnerability notice. It has been patched, so there is an update available.

Here is part two of Vladimír Smitka’s series where he tested various Cloud panels for managing VPS. In this installment he looks at Enhance and FlyWP, which use Docker containers, and explains why they weren’t secure and explores some of the possible fixes.

Here’s a tutorial on how to clean a hacked site.

Oxygen released version 4.8.3 which is a security update. The security issue addressed is a privilege escalation vulnerability that would allow a user with “contributor” or higher permissions to escalate their privileges to an admin (CVE-2024-4662). This issue impacts anyone that has granted untrusted users Contributor+ access to their WordPress website. It does not affect you if you do not have Contributor+ users on your WordPress website.

Joost on the fear marketing of WordPress security.