Cyber Security Blog - Planet Zuda

WordPress 5.0.1 Patches Code Execution Vulnerability Nearly A Year…

January 13, 2019January 14, 2019
by wefightforsecurity

1 year ago Ripstech reported a way anyone who has the ability to edit and delete media files could exploit WordPress. By default Authors and higher have this ability, however some plugins also grant users this ability.

This was reported in January of 2018 and blogged about in June of 2018, since there had been no fix. The blog post was a complete guide for anyone who would want to hack WordPress. We found this exploit in all old versions of WordPress we reviewed. On December 12th, 2018 WordPress 5.0.1 was released fixing this issue. Was this a hard, painful fix with tons of code? No. It was adding essentially one word to one line of code, yet WordPress waited nearly a year to fix this issue.

Keep on reading!

yoast seo

Airtight Security Patches Issue with Yoast Impacting Podcasters

January 12, 2019January 14, 2019
by wefightforsecurity

Update: our patch for podcasters and anyone else dependent on RSS , despite being tested repeatedly wasn’t perfect. We our honest about our code, so we will have a patch that works for everyone soon! Until then we removed our patch for the feeds.

We just released another free patch in Airtight Security, fixing yet another issue in Yoast impacting who can see and hear your podcast. The same issue that we reported on sitemaps were also affecting podcasts. We have gone over our code to ensure that it fixes this issue for your podcast while you are using Yoast and it does! Comment your favorite podcast down below.

technology

PowerPress Joins Battle Against Yoast Hurting Customers Online Visibility

January 12, 2019January 14, 2019
by wefightforsecurity

PowerPress, a large podcasting company for WordPress has announced on Yoasts GitHub that they’re making a fix for the Yoast issue hurting their customers visibility online. Our software airtight security a fixes that for sitemaps and will fixing it for podcasts in approximately 24 hours. PowerPress is solely focusing on the podcast side of this battle with Yoast showing that it is hurting podcasters, as they have the dataset showing the visibility issue to podcast users. They don’t have the dataset that we do focusing on regular website visibility for the average user, so we understand their statement. We also understand that no one, including us takes on a big company without a large dataset to back up what we are saying. So, PowerPress choosing only to defend podcast users makes sense, due to their dataset. And now let’s see their statement.

I have a pre-release version of PowerPress that fixes this issue. Please contact me cio [at] rawvoice dot com for the link if you would like to test/use.
For those who want to wait, this feature will be released PowerPress 7.4.1 in 1-4 weeks, depending on how fast testers get back to us how the fix worked out for them.
For a regular website I get it, the feeds should not be indexed. For a podcast though this prevents your podcast from getting onto Google Podcasts, which is a big deal especially since podcasts may soon to be treated as 1 class citizens in search, similar to youtube videos.
Thanks,
Angelo

We knew our podcast had visibility issues, but did not did not have the data to support the hypothesis until recently. Our podcast wasn’t visible so we moved on to other venues of communication. We didn’t mention podcasts in our original post about sitemap visibility, since we don’t collect that data.

You can use our software Airtight Security to fix this issue for podcasts and your sitemap or try and join PowerPress if you use their software.

cyber security

SEO research

January 8, 2019January 31, 2019
by wefightforsecurity

The post formally located on this page has been removed pending further review.

Uncategorized

Thank you

January 8, 2019January 12, 2019
by wefightforsecurity

Thank you for purchasing Airtight Security Premium. You have an email with your subscriber activation code that you just purchased from paypal. Go to your email, get the code and activate your premium features!