Post Category Archive A collection of posts we have categorized in WordPress Security

Security Haiku: WordPress 4.8.3

WordPress Halloween. We patch the tricks, 4 8 3 You get the treats. Boo! There is nothing spookier than a WordPress security release, the 4.8.3 patch addresses an SQL injection vulnerability in WordPress core which could be exposed by insecure coding practices…
Read The Story

The PHP Object Injection Odyssey

The past few months we have noticed a trend of new and increasing PHP Object Injection attacks targeting WordPress sites. In a few cases in the last months our standard incident response process was identifying sites were had just cleaned were getting…
Read The Story

How to Address Object Injection Vulnerabilities in PHP

I have been discussing the risks related to PHP Object Injection or insecure usage of unserialize() and how this insecure coding practice is unfortunately very prevalent in the WordPress plugin ecosystem. This post is for plugin (and really any PHP) developers for the purpose…
Read The Story

Latest Posts