XSS in WordPress: a tutorial

One of the most common vulnerabilities in WordPress plugins is cross site scripting – XSS for short. The basic premise of XSS is that an attacker is able to cause JavaScript to run in somebody else’s browser, while they’re on a website that the attacker shouldn’t be able to control. By the end of this, […]

Trends in WordPress plugin security

Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

Some WordPress Plugin vulnerabilities we’ve published recently

Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]