
22Feb/15

WordPress Vulnerability found in Video Gallery

One of the drawbacks of being a do-it-yourself web person is having to keep up with hackers who create mayhem. Even if a web professional maintains your site, that does not guarantee your site is hacker safe. But having great partners, whether you choose to go the professional route or DIY, helps ensure you are getting the best protection.

If you use WordPress software on your site, and if you do not keep it and all plugins and themes up to date, you may be allowing a WordPress vulnerability. 30fold Domains recommends Wordfence to help you

  • fend off would-be hackers
  • and get early warning when there is a potential threat.

Not only can their plugin help keep your site safe, they also publish regular up-to-the-minute information. Wordfence gave such a warning today. According to their blog post, if you use the WordPress Video Gallery you should remove it from your blog. Even the very latest version** as of this writing makes your WordPress site’s database vulnerable to Zero Day SQL Injection.

If you use a web professional, there’s nothing wrong with helping keep them up to date by letting them know about things you hear, and even logging into your WordPress dashboard occasionally to take a look around. If your dashboard indicates updates are required to the WordPress core, to plugins, or themes, find out what your webmaster’s schedule is for updating your site. A good webmaster will keep you informed or at least make the information available to you and make it easy for you to check in. If such documentation or access is not provided, you may need to find a new webmaster. It is your site, and your reputation on the line.

** Programmers are constantly updating their code as new threats emerge or are discovered. This article does not suggest any software vendor is unreliable. It is based on the latest information available at the time of posting. If you use software mentioned in this article, we recommend you also contact the source for additional information on update and patch release schedules.