114 replies to this topic

[AplusWebMaster]

FYI...

WordPress v3.4.1 released
- http://wordpress.org/download/
June 27, 2012 - "The latest stable release of WordPress (Version 3.4.1) is available..."

WordPress 3.4.1 Maintenance and Security Release
- https://wordpress.or...ordpress-3-4-1/
"... This maintenance release addresses 18 bugs with version 3.4... also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as an bug that affects multisite installs with untrusted users..."
___

- https://secunia.com/advisories/49726/
Release Date: 2012-06-28
Impact: Security Bypass, Exposure of sensitive information
Where: From remote...
Solution: Update to version 3.4.1.
Original Advisory: http://wordpress.org...ordpress-3-4-1/

- http://h-online.com/-1628769
29 June 2012

Edited by AplusWebMaster, 29 June 2012 - 07:59 AM.

[AplusWebMaster]

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 415 Secunia Security Advisories ...
Aug 31, 2012

- http://nakedsecurity...malware-attack/
"... ensure that any software you run on your web server is also properly secured, and kept patched and current (that includes blogging software like WordPress and any plugins that it might use)."

Edited by AplusWebMaster, 31 August 2012 - 11:01 AM.

[AplusWebMaster]

FYI...

WordPress - timthumb Plugin vuln ...
- https://secunia.com/advisories/50161/
Release Date: 2012-08-06
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerability is reported in versions prior to 1.5.
Solution: Update to version 1.5.
Original Advisory:
http://wordpress.org...nail/changelog/
http://plugins.trac....-with-thumbnail

Edited by AplusWebMaster, 06 August 2012 - 04:33 PM.

[AplusWebMaster]

FYI...

WordPress v3.4.2 released
- http://wordpress.org/download/
September 6, 2012 - "The latest stable release of WordPress (Version 3.4.2) is available..."

WordPress 3.4.2 Maintenance and Security Release
- https://wordpress.or...ordpress-3-4-2/
September 6, 2012 - "WordPress 3.4.2, now available for download, is a maintenance and security release for all previous versions... we’ve identified and fixed a number of nagging bugs, including:
• Fix some issues with older browsers in the administration area.
• Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
• Improve plugin compatibility with the visual editor.
• Address pagination problems with some category permalink structures.
• Avoid errors with both oEmbed providers and trackbacks.
• Prevent improperly sized header images from being uploaded.
Version 3.4.2 also fixes a few security issues and contains some security hardening...

- https://secunia.com/advisories/50515/
Release Date: 2012-09-07
Impact: Unknown, Security Bypass
Where: From remote
... security issue and vulnerability are reported in versions prior to 3.4.2.
Solution: Update to version 3.4.2.
Original Advisory: http://wordpress.org...ordpress-3-4-2/

- http://h-online.com/-1702501
7 Sep 2012
___

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 432 Secunia Security Advisories ...
Oct 15, 2012

Edited by AplusWebMaster, 15 October 2012 - 03:19 PM.

[AplusWebMaster]

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 454 Secunia Security Advisories ...
Nov 12, 2012

Edited by AplusWebMaster, 12 November 2012 - 07:30 PM.

[AplusWebMaster]

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: 464 Secunia Security Advisories ...
Nov 27, 2012

>> http://piwik.org/blo...-2012-nov-26th/
Updated: Nov 27, 2012 - "... The website Piwik.org is running WordPress and got compromised, because of a security issue in a WordPress plugin... compromised by an attacker on 2012 Nov 26th, this attacker added a malicious code in the Piwik 1.9.2 Zip file... You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC. If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe..."
___

- http://h-online.com/-1757246
27 Nov 2012

Edited by AplusWebMaster, 27 November 2012 - 04:26 PM.

[AplusWebMaster]

FYI...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found: -476- Secunia Security Advisories ...
Jan 2, 2013
___

WordPress v3.5 ...
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 3.5) is available..."

- https://wordpress.or.../2012/12/elvin/
Dec 11, 2012

[AplusWebMaster]

FYI...

WordPress v3.5.1 released
- https://wordpress.org/download/
"The latest stable release of WordPress (Version 3.5.1) is available..."

- https://wordpress.or...ordpress-3-5-1/
Jan 24, 2013 - "... first maintenance release of 3.5, fixing 37 bugs... a security release for all previous WordPress versions..."

- https://secunia.com/advisories/51967/
Release Date: 2013-01-25
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote
... vulnerabilities are reported in versions prior to 3.5.1.
Solution: Update to version 3.5.1.
- http://www.securityt....com/id/1028045
Jan 25 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Host/resource access via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.5.1 ...

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found -530- Secunia Security Advisories ...
March 14, 2013
___

- http://h-online.com/-1791820
25 Jan 2013
- http://www.h-online....4c597dc045.jpeg

Edited by AplusWebMaster, 14 March 2013 - 08:55 AM.

[AplusWebMaster]

FYI...

WordPress v3.5.2 released
- https://wordpress.org/download/
June 21, 2013 - "The latest stable release of WordPress (Version 3.5.2) is available..."

- https://wordpress.org/news/
June 21, 2013 - "... This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening... Download WordPress 3.5.2 or update now from the Dashboard..."
- https://wordpress.or...ordpress-3-5-2/

Release notes
- https://codex.wordpr...g/Version_3.5.2
CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205

"WordPress Plugin" search results ...
- https://secunia.com/...ordPress Plugin
Found -606- Secunia Security Advisories ...
June 21, 2013
___

- http://www.securityt....com/id/1028700
CVE Reference: CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205
Jun 25 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.5.2 ...

- http://h-online.com/-1895188
24 June 2013

Edited by AplusWebMaster, 25 June 2013 - 03:03 PM.

[AplusWebMaster]

FYI...

WordPress v3.6 released
- https://wordpress.org/download/
August 1, 2013 - "The latest stable release of WordPress (Version 3.6) is available..."

- https://wordpress.or.../2013/08/oscar/
"... WordPress, version 3.6, is now live to the world and includes a beautiful new blog-centric theme, bullet-proof autosave and post locking, a revamped revision browser, native support for audio and video embeds, and improved integrations with Spotify, Rdio, and SoundCloud..."

Release Post
- https://codex.wordpr...org/Version_3.6

Changelog
- https://codex.wordpr...g/Changelog/3.6

[AplusWebMaster]

FYI...

WordPress v3.6.1 released
- https://wordpress.org/download/
Sep 11, 2013 - "The latest stable release of WordPress (Version 3.6.1) is available..."

- http://www.securityt....com/id/1029025
Sep 11 2013
Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 3.6.1 ...
Solution: The vendor has issued a fix (3.6.1).
The vendor's advisory is available at:
- http://codex.wordpre...g/Version_3.6.1
... Summary: From the announcement post*, this maintenance release addresses 13 bugs with version 3.6... Additionally: Version 3.6.1 fixes three security issues..."
* http://wordpress.org...ordpress-3-6-1/

- https://secunia.com/advisories/54803/
Release Date: 2013-09-13
Criticality: Moderately Critical
Where: From remote
Impact: Security Bypass, Spoofing, System access
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2013-4338 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-4339 - 7.5 (HIGH)
- https://web.nvd.nist...d=CVE-2013-4340 - 3.5
... weakness, security issue, and vulnerability are reported in versions prior to 3.6.1.
Solution: Update to version 3.6.1...

Edited by AplusWebMaster, 13 September 2013 - 03:34 PM.

[AplusWebMaster]

FYI...

WordPress 3.7 released
- https://wordpress.org/download/
Oct 24, 2013 - "The latest stable release of WordPress (Version 3.7) is available..."

- http://wordpress.org.../2013/10/basie/

- https://codex.wordpr...org/Version_3.7

- https://codex.wordpr...g/Changelog/3.7

- http://core.trac.wor...p;milestone=3.7
Results... 438
___

- http://nakedsecurity...hile-you-sleep/
Oct 26, 2013 - "... it will automatically update itself with the latest maintenance and security releases... researchers believe that as many as 73% of the WordPress sites out there are vulnerable to attack purely because they aren't running the latest version... The automatic updater also supports themes and plugins - the software skins and add-ons that allow users to customise their WordPress websites..."
> http://nakedsecurity...able-to-attack/

Edited by AplusWebMaster, 29 October 2013 - 03:15 AM.

[AplusWebMaster]

FYI...

WordPress 3.7.1 - Maintenance Release
- https://wordpress.or...ordpress-3-7-1/
Oct 29, 2013 - "WordPress 3.7.1 is now available. This maintenance release addresses 11 bugs in WordPress 3.7 ..."

Changelog
- http://core.trac.wor...e...4&rev=25986

- http://core.trac.wor...milestone=3.7.1

[AplusWebMaster]

FYI...

WordPress v3.8 released
- http://wordpress.org/download/
Dec 12, 2013 - "The latest stable release of WordPress (Version 3 .8 ) is available..."

- https://wordpress.or...2013/12/parker/

- http://core.trac.wor...og/branches/3.8

- http://core.trac.wor...y?milestone=3.8
 

[AplusWebMaster]

FYI...

WordPress Button Generator - Authentication Bypass vuln
- https://secunia.com/advisories/56272/
Release Date: 2014-01-07
Where: From remote
Impact: Security Bypass
CVE Reference: No CVE references.
... vulnerability is reported in versions prior to 1.20.0.
Solution: Update to version 1.20.0.
Original Advisory: http://wordpress.org...tons/changelog/
Last Updated: 2014-1-7

- http://wordpress.org/plugins/
___

- https://secunia.com/...ordPress Plugin
Found: 684 Secunia Security Advisories...