Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Wordfence Blog

Podcast Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News

This entry was posted in Podcasts on July 17, 2019 by Kathy Zant   0 Replies

This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of vulnerability in Instagram’s 2FA, updates to the Gutenberg editor and hackers that created an Android app that can kill to prove a point amongst other stories.

Here are approximate timestamps in case you want to jump around:
0:57 Ad Inserter Plugin Vulnerability
5:27 Chrome XSS Protection
8:10 Instagram 2FA Vulnerability
14:10 New Updates to Gutenberg editor
16:05 The Android App that Kills
20:54 Biggest Bulletproof Hoster
21:43 Agent Smith Android Malware
24:33 Zoom Vulnerability Update

Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.

Click here to download an MP3 version of this podcast. Subscribe to our RSS feed.

This week in the news we cover:

  • A critical vulnerability has been patched in the Ad Inserter plugin currently installed on over 200,000 WordPress sites.
  • Google is planning to remove Chrome’s built in XSS protection.
  • A security researcher found and reported a bypass of Instagram’s 2FA that could have led to compromise of any account.
  • A recent release of Gutenberg shows some continuous improvements.
  • Hackers created an Android app that kills to prove a point.
  • Brian Krebs covered research into the world’s biggest bulletproof hoster.
  • Malicious apps have infected 25 million Android devices with ‘Agent Smith’ malware.
  • In an update to a story we covered last week, Apple pushed a silent update to patch Zoom’s zero-day vulnerability that left web servers on Mac computers that had previously installed Zoom.

You can find Mark on Twitter as @mmaunder, Sean as @iamseanmurphy and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.

Did you enjoy this post? Share it!

No Comments on "Podcast Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News"

Follow Us


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 100 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates