Threat Post

WordPress Patches Serious Shortcodes Core Engine Vulnerability

WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes. WordPress core engine security ...
Searchenginejournal.com

WordPress Vulnerability In Shortcodes Ultimate Impacts 700,000 Sites

The United States government National Vulnerability Database (NVD) published an advisory about Shortcodes Ultimate WordPress plugin, warning that it was discovered to contain a Cross Site Request ...
Infosecurity Magazine

Avada Builder Flaws Expose One Million WordPress Sites

Two newly disclosed vulnerabilities in the Avada Builder WordPress plugin have placed around one million sites at risk of ...

Avada Builder WordPress plugin flaws allow site credential theft

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow ...
Yahoo Finance

In latest move against WP Engine, WordPress takes control of ACF plug-in

The dispute between WordPress founder Matt Mullenweg and hosting provider WP Engine continues, with Mullenweg announcing that WordPress is “forking” a plug-in developed by WP Engine. Specifically, ...
Bleeping Computer

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). The two ...
Computerworld

How to enable shortcodes in WordPress widgets

Shortcodes in Wordpress are small snippets of text that you can enter into a post or page body which trigger a larger function to run at that position. It’s the equivalent of inserting a program ...