Episode 75: The WordPress 5.4.1 Security Release & More Plugin Vulnerabilities

The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected over 1 million WordPress sites. As a few of these were Cross Site Request Forgery vulnerabilities, so we take a look at how these attacks work and how to avoid becoming a victim to a malicious CSRF request.

We also look at more scams targeting COVID-19 fears and stimulus funds, and Google’s upcoming crackdown on Chrome extensions set to happen in August 2020. We also look at the privacy concerns expressed by many in the information security field about contact tracing initiatives by various companies including Google and Apple as well as governmental agencies.