Podcast Episode 44: Unpacking the WordPress 5.2.3 Security Release
WordPress core version 5.2.3 was released on September 4. This was a security release patching eight key vulnerabilities in WordPress core, most of which were cross-site scripting vulnerabilities. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM port attack on Jack Dorsey's Twitter account, and the lessons for all of us in using our cellphones and mobile devices to secure our online accounts.
Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.
Some sources we reference in this week’s episode include:
- The blog post from our research last week analyzing each vulnerability patched in WordPress 5.2.3.
- Our learning center article about how to prevent cross-site scripting attacks.
- CodeRisk is RIPSTech’s tool that assigns a risk score to WordPress plugins.
- The SIM porting attack that hijacked Jack Dorsey’s Twitter account.
- The state of two-factor authentication across numerous services.
- RoboKiller is a cellphone app that blocks spam calls.
You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.
Please feel free to post your feedback in the comments below.
Comments
2:18 pm
So I've tried searching for RoboKiller: Spam Call Blocker in my Android Play Store (on a Galaxy S9 with Android 9) and it doesn't appear anywhere? What's up?
2:28 pm
Their website at https://www.robokiller.com directs here: https://play.google.com/store/apps/details?id=com.robokiller.app&hl=en_US Hope that helps!
12:09 am
I have been using Wordfence for a long time. I know it's the best plugin for WordPress website security. But recently I found that it causes problems when updating the site.
9:22 am
You shouldn't have any issues updating your site while using Wordfence. If you need support, please reach out and our team would be happy to help. As a premium customer, our team is standing by: https://support.wordfence.com
If you're still using the free plugin, please go here: http://wordpress.org/support/plugin/wordfence
8:43 am
Ah-ha! *That's* why - I'm in the UK where it's not available...
https://www.dropbox.com/s/lwlcv01860aff49/Screenshot_20190912-155532_Google%20Play%20Store.jpg?dl=0
Thanks anyway for the reply - and for the great podcasts. Best wishes :-)
9:23 am
You can still listen to RoboRadio on their site. Some hilarious calls wasting the spammers' time. Thanks for listening to Think Like a Hacker!