ESC! Tech News
We want to help ensure it’s the best it can be.
Updates of Note: November 2025
In addition to the regular feature and product patches typically released, there were a few updates of note last month that may be applicable to your site including: Security-related Patches in November: Elementor, a framework in use on client sites developed by third...
Older Posts
WooCommerce Critical Vulnerability Patched
On the evening of July 14, 2021, the Woo Team made public a critical vulnerability in all versions of WooCommerce (from 3.3 to 5.5) and the WooCommerce Blocks plugin. This vulnerability was originally identified and responsibly disclosed by security researcher Josh,...
WordPress 5.7.1 Released: Patches 2 Security Issues
WordPress 5.7.1 was released today. This important update includes 26 bug fixes as well as patches for two security issues: an XXE vulnerability within the media library affecting PHP 8 and a data exposure vulnerability within the REST API. Versions of WordPress...
WordPress Security: Facebook for WordPress Vulnerabilities Patched
The Official Facebook for WordPress plugin (aka Facebook Pixel) which is designed to give Facebook another way to track our activities online, was recently fully patched to fix two serious vulnerabilities including a PHP Object Injection and a Cross-Site Request...
WordPress 5.7 “Esperanza” Released
Named in honor of Esperanza Spalding, WordPress 5.7 was released this week and brings with it an updated color palette, and easier to use editor, lazy loading of iFrames, and more! All ESC! Technologies Group clients who subscribe to one of our WordPress Care Plans...
WordPress Security: WordPress 4.2.4 Released, Patches Critical Security Issue
WordPress 4.2.4 was released today to patch three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. WordPress versions 4.2.3 and earlier are affected by these flaws and, if you’ve not yet done so, you should...
WordPress Security: WordPress 4.2.3 Released to Address Critical Security Issue
WordPress 4.2.3 was released today to patch a critical cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability. If...
WordPress Security: WooCommerce Vulnerability
WordPress Plugins A serious vulnerability has been discovered in the extremely popular e-commerce plugin for WordPress, "WooCommerce". If left unpatched, a WordPress installation utilizing version 2.3.5 or earlier could be vulnerable to a SQL injection attack that...
WordPress Security: WordPress SEO by Yoast Vulnerability
WordPress Plugins A serious vulnerability has been discovered in the WordPress plugin "WordPress SEO by Yoast". If left unpatched, a WordPress installation utilizing version 1.7.3 or earlier (see all patched versions below) could be vulnerable to a SQL injection...
WordPress Security: MainWP Child Vulnerability
WordPress Plugins A privilege escalation vulnerability has been discovered in the WordPress plugin "MainWP Child". MainWP Child is a plugin that works in conjunction with the WordPress management plugin, MainWP, to allow remote administration of WordPress-based...
WordPress Security: Zero-Day Vulnerability in “FancyBox for WordPress”
WordPress Plugins A zero-day vulnerability has been discovered in the WordPress plugin "Fancy Box for WordPress". If left unpatched, a WordPress installation utilizing version 3.0.3 or earlier could allow an attacker to install malware or other malicious content on...