According to WooCommerce: "Versions 3.4.4 and earlier are affected by an issue where a function that updates attributes could lead to object injection. This is related to the WordPress 4.8.3 security release." We have automatically upgraded WooCommerce to 3.4.5 in all applicable WordPress customer accounts.
There are some recent changes by the .nz domain name registry to improve security of the domain name space, compliance with GDPR (Privacy for European citizens no matter where they reside). For information, see https://dnc.org.nz/sites/default/files/2018-04/DNC%20Newsletter%20April%202018_0.pdf.
WP Retina 2x <= 5.2.0 is vulnerable to a Cross-Site Scripting (XSS) attack. We have automatically upgraded all applicable WordPress customer accounts.
As advised by the WordFence team, WordPress 4.9.3 was released earlier this week and unfortunately it broke the auto-update mechanism in WordPress. Sites running 4.9.2 were auto-updated to 4.9.3 and will no longer be auto-updated unless you perform a manual update. Due to the security related risks, we may manually update any installations that ... Read More »
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Unless you have disabled automatic updates, or your hosting account doesn't have enough disk space, your site may have already been upgraded to WordPress 4.9.1. More info at ... Read More »
Yoast SEO fixed an unauthenticated cross site scripting vulnerability that affected versions 5.7.1 and older. Update immediately.
A reminder that WordPress 4.9 is now available. This Major release features customizer improvements, code error checking, and mor, as detailed at https://wordpress.org/news/2017/11/tipton/. Unless you have disabled automatic updates, or your hosting account doesn't have enough disk space, your site may have already been upgraded to WordPress ... Read More »
Duplicator, running on over 1 million active sites, has a stored cross site scripting vulnerability affecting versions 1.2.28 and older. We have automatically upgraded all applicable WordPress customer accounts.
A reminder that WordPress 4.8.2 is now available. This is a security and maintenance release for all previous versions of WordPress, fixing six security vulnerabilities, as detailed at https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/. We strongly encourage you to update your sites immediately.Unless you have ... Read More »
We have been advised that the Display Widgets plugin includes backdoor hacking code. This has been automatically removed from all WordPress sites containing the plugin. For further info see: ... Read More »