WordPress

[Security News] Backdoor in WordPress plugin Captcha

On the 19th of Decembrer 2017 The website Wordfence has published an article after the discovery of a backdoor in the WordPress plugin Captcha.

How it works ?

This flaw might allow somebody to modify the WordPress website code.

The way the flaw has been coded the backdoor could be used not only by the backdoor coder but anybody.

Am i concerned ?


[Security news] Content injection vulnerability in WordPress 4.7.0/4.7.1

On the 1st of February 2017 a security vulnerabitity that allows a visitor to modify the content of a WordPress page has been dicovered.

How it works ?

An unauthenticated user can get additional rights by exploiting a vulnerability in the REST API and doing so is able to modify the content of any page of the vulnerable WordPress site.

Am i concerned ?

The REST API has been added in WordPress 4.7.0


The new pack IKL WordPress is available!

Our regular satisfaction surveys and the different testimonies of our clients have shown us that a very large majority of them uses the WordPress CMS on our Linux hosting. This is not surprising because WordPress is the most used opensource CMS worldwide.

We have published several articles on good practices to create and secure a WordPress site, but today we go further.

wordpress_ikoula


New vulnerability for WordPress and Drupal

Security vulnerabilities do not respect holidays!

On August 5, 2014, a new security flaw was published on the WordPress CMS and Drupal. The vulnerability is linked to any plugin additional and is available from the default configuration of these tools.

- What is it allows?


WordPress - a plugin MailPoet security flaw operating



Early July a security flaw has been discovered in the WordPress plugin MailPoet, otherwise known as the wysija-newsletters. As of July 23, 2014, the blog Sucuri informed that this flaw was exploited and publicly unveiled.