Unauthenticated SQL Injection Vulnerability Patched in WordPress Statistics Plugin

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending them to an existing SQL query. This could be used to …

Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution

On January 4, 2022, the Wordfence Threat Intelligence team began the responsible disclosure process for several Remote Code Execution vulnerabilities in PHP Everywhere, a WordPress plugin installed on over 30,000 websites. One of these vulnerabilities allowed any authenticated user of any level, even subscribers and customers, to execute code on a site with the plugin …

WP Briefing: Episode 24: Three Goals in 2022

In episode 24 of the WordPress Briefing, the Project’s Executive Director reviews three big-picture goals for the year: Increased Gutenberg adoption, support of all open source alternatives, and stewarding the open source ethos. Have a question you’d like answered? You can submit them to wpbriefing@wordpress.org, either written or as a voice recording. Credits: Editor: Dustin Hartzler; Logo: Beatriz …