A critical flaw has just been recently disclosed for the widely used payment gateway, WooCommerce extension NAB Transact. By exploiting a vulnerability in the plugin, attackers could potentially fool vendor systems into believing payment has already been settled.

For users of this plugin, it is critical that you update the plugin on your website immediately. The issue is present for version 2.1.0 and older, and has been patched in version 2.1.2.

For more information, please check the official public release.

If you have questions, don’t hesitate to contact our support team.

WordPress 5.5 “Eckstine” Release

WordPress.org has just released WordPress 5.5 “Eckstine”, which arrives with a host of speed, security, search, accessibility, block editor, and developer functionality improvements.

For more information, please check the official public release.

WooCommerce 4.3.2 Fix Release

As for Woocommerce, they have just shipped a minor fix release that improves compatibility with the aforementioned WordPress 5.5 release.

For more information, please check the official public release.

If you have questions, don’t hesitate to contact our support team

The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites, is a simple plugin that adds a “Facebook Messenger” chat pop-up to a WordPress site and connects a chosen Facebook page to receive messages and interact with site visitors.

A flaw was discovered taking advantage of this, which made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site and engage in chats themselves.

We highly recommend updating to version 1.6 immediately to keep your site protected against any attacks attempting to exploit this vulnerability.

For more information please check the official public release.

If you have questions, don’t hesitate to contact our support team.

After recently patching a vulnerability last month, Newsletter, a WordPress plugin installed in over 300,000 websites, was discovered to have two additional, more serious vulnerabilities, a Cross-Site Scripting(XSS) vulnerability and a PHP Object Injection vulnerability.

After receiving the report, the plugin developers immediately released another update to patch those two specific vulnerabilities.

We strongly recommend updating to the latest version of the Newsletter plugin as soon as possible. As of this writing, that is version 6.8.3.

For more information please check the official public release.

If you have questions, don’t hesitate to contact our support team.

A medium severity security issue has been discovered on the popular plugin All In One SEO Pack, installed in over 2 million sites.

The vulnerability allows authenticated users with contributor level permissions and above the ability to inject malicious scripts on the website and can result in severe consequences such as a complete site takeover.

We strongly recommend immediately updating to the latest version of this plugin.

For more information please check the official public release.

If you have questions, don’t hesitate to contact our support team.