WordPress core version 5.2.3 was released on September 4. This was a security release patching eight key vulnerabilities in WordPress core, most of which were cross-site scripting vulnerabilities. In this episode of Think Like a Hacker, we walk through each of the patched elements of WordPress core and how these vulnerabilities could have been exploited. We also look at the SIM porting attack on Jack Dorsey’s Twitter account, and the lessons it holds for all of us who use cellphones and mobile devices to secure our online accounts.
Some sources we reference in this week’s episode include:
- The blog post from our research last week analyzing each vulnerability patched in WordPress 5.2.3.
- Our learning center article about how to prevent cross-site scripting attacks.
- CodeRisk is RIPSTech’s tool that assigns a risk score to WordPress plugins.
- The SIM porting attack that hijacked Jack Dorsey’s Twitter account.
- The state of two-factor authentication across numerous services.
- RoboKiller is a cellphone app that blocks spam calls.
You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant.
The post Podcast Episode 44: Unpacking the WordPress 5.2.3 Security Release appeared first on Wordfence.