ESC! Tech News
We want to help ensure it’s the best it can be.
Updates of Note: October 2025
In addition to the regular feature and product patches typically released, there were a few updates of note last month that may be applicable to your site including: Security-related Patches in October: Genesis, a framework in use on some older sites, was updated to...
Older Posts
WordPress 5.7.1 Released: Patches 2 Security Issues
WordPress 5.7.1 was released today. This important update includes 26 bug fixes as well as patches for two security issues: an XXE vulnerability within the media library affecting PHP 8 and a data exposure vulnerability within the REST API. Versions of WordPress...
WordPress Security: Facebook for WordPress Vulnerabilities Patched
The Official Facebook for WordPress plugin (aka Facebook Pixel) which is designed to give Facebook another way to track our activities online, was recently fully patched to fix two serious vulnerabilities including a PHP Object Injection and a Cross-Site Request...
WordPress 5.7 “Esperanza” Released
Named in honor of Esperanza Spalding, WordPress 5.7 was released this week and brings with it an updated color palette, and easier to use editor, lazy loading of iFrames, and more! All ESC! Technologies Group clients who subscribe to one of our WordPress Care Plans...
WordPress Security: WordPress 4.2.4 Released, Patches Critical Security Issue
WordPress 4.2.4 was released today to patch three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. WordPress versions 4.2.3 and earlier are affected by these flaws and, if you’ve not yet done so, you should...
WordPress Security: WordPress 4.2.3 Released to Address Critical Security Issue
WordPress 4.2.3 was released today to patch a critical cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability. If...
WordPress Security: WooCommerce Vulnerability
WordPress Plugins A serious vulnerability has been discovered in the extremely popular e-commerce plugin for WordPress, "WooCommerce". If left unpatched, a WordPress installation utilizing version 2.3.5 or earlier could be vulnerable to a SQL injection attack that...
WordPress Security: WordPress SEO by Yoast Vulnerability
WordPress Plugins A serious vulnerability has been discovered in the WordPress plugin "WordPress SEO by Yoast". If left unpatched, a WordPress installation utilizing version 1.7.3 or earlier (see all patched versions below) could be vulnerable to a SQL injection...
WordPress Security: MainWP Child Vulnerability
WordPress Plugins A privilege escalation vulnerability has been discovered in the WordPress plugin "MainWP Child". MainWP Child is a plugin that works in conjunction with the WordPress management plugin, MainWP, to allow remote administration of WordPress-based...
WordPress Security: Zero-Day Vulnerability in “FancyBox for WordPress”
WordPress Plugins A zero-day vulnerability has been discovered in the WordPress plugin "Fancy Box for WordPress". If left unpatched, a WordPress installation utilizing version 3.0.3 or earlier could allow an attacker to install malware or other malicious content on...
Tech!Alert: Zero-Day Vulnerability Discovered in Adobe Flash Player
Adobe released a critical update to its Flash Player plugin version 16.0.0.296 and earlier that patches a zero-day vulnerability which could allow an attacker to take control of an affected system.
Adobe released a patch for the flaw on February 4th which will be sent to all desktop installs of Flash Player that have auto-update enabled and they expect to release a manually installable update no later than February 5th.