Bleeping Computer

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. The set includes an SQL ...
Computerworld

Malicious code injection: It’s not just about SQL anymore

The good news: Developers are becoming increasingly aware of the threat posed by SQL injection attacks and the pitfalls of leaving pre vulnerable to such attacks. The bad news: there are other types ...
Bleeping Computer

Critical flaw in LayerSlider WordPress plugin impacts 1 million sites

The structure of the possible queries limits the attack to time-based blind SQL injection, meaning that the attackers need to observe the response times to infer data from the database.
Dark Reading

New Plug-ins Help Firefox Find XSS, SQL Injection

4:14 PM -- Two new Firefox plug-ins were released last month to assist developers and security professionals in testing for cross-site scripting (XSS) and SQL injection vulnerabilities. Even though ...
Threat Post

WP Statistics Bug Allows Attackers to Lift Data from WordPress Sites

The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. WP Statistics, a plugin installed on more than 600,000 WordPress websites, ...