WordPress vulnerable to another comment XSS exploit identified by Klikki. Read more »
April 20, 2015
Another vulnerability, admin panel stored XSS in Yoast's Google Analytics plug-in
identified by Klikki, leading to server-side code execution, affects millions of WordPress sites. Read more »
April 14, 2015
Adobe released patches for two critical Flash vulnerabilities reported by Klikki:
a "double free" bug and unrestricted video/audio recording on the target system.
Safari cross-domain vulnerability found by Klikki affects close to 1 billion mobile and desktop devices (iOS, OS X, Windows).
Patches available now.
Read more »Vulnerability test »
March 19, 2015
A stored XSS vulnerability in Google Analytics by Yoast can lead to code execution by unauthenticated
users, affecting millions of WordPress sites.
Read more »
March 12, 2015
Five vulnerabilties, including a critical SQL injection, in WPML (sitepress-multilingual-cms) WordPress plug-in.
Patch available. Updated March 13.
Read more »
January 31, 2015
Another 0-day to be released soon: WordPress 3.0 - 4.1.1 core stored XSS, vendor notified on November 7.
Same impact as the previous but more restricted attack vector.