WordPress Cross-Site-Scripting Vulnerability

I just got a notice that the plugin GDPR Cookie Consent has an XSS vulnerability in it. Just released today:

This entry was posted in Vulnerabilities, WordPress Security on February 11, 2020 by Matt Barry

Description: Improper Access Controls
Affected Plugin: GDPR Cookie Consent
Affected Versions: <= 1.8.2
CVSS Score: 9.0 (Critical)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Patched Version: 1.8.3

If you are using this plugin, you will want to upgrade to version 1.8.3 immediately. If you want the details of the vulnerability and how it works, you can read the rest of the long post here:

or search it out on the WordFence blog.

Thanks for visiting. Share this information with your developer friends! 🙂

Why email passwords are not enough

Do you have security on your email account? How much…a good password maybe? It’s not enough. And here is why…

Your email account gives access to ANY other account you may hold. If someone can access your email account, they can ‘verify’ and get into ANY of your online accounts. Maybe you think people don’t try? Well, that would be a very bad mistake. Here is my account that someone has been trying to get into unsuccessfully for 24 hours now. It’s been unsuccessful because #1, I have 2-step verification on my Microsoft account. And #2, because I have 2-step verification on, you need another ‘special’ password to set up email, because the regular password won’t work in an email setup if you have 2-step security turned on.

If you look at the image, you will see the protocol they were trying to access was/is IMAP …which is email. When the request hit my phone today, I changed the password to make it even more difficult, now they have to start over if they want to continue…but somehow they got my email password, or I would have never got a request on my phone. So that should be proof to you that passwords alone are not enough.

There are certain accounts that need to be protected harder than other accounts…these are banking, hosting, and email accounts. Don’t take chances with them. You may never need it for 5 years…but if you have it in place and use it regularly…the 1 time you do need it, it will protect you.

Call Everything I.T. if you need help with security. We can help you.

Give the Gift of I.T.

Everything I.T.’s gift certificates make the perfect Christmas (or other occasion) gift for the person that is difficult to buy for, because they can be used for so many different things. If the recipient is non-technical, they can be used to set up email, for computer tutoring or training, or for remote technical assistance if they get in a jam they just can’t resolve on their own. It can be used for a computer repair, for home or business. For the more technical person, it can be used for computer hardware upgrades (for your favorite gamer) like graphic cards, hard drives, extra memory, or whatever. It can be used to help them get that website going that they know they need but haven’t been able to afford, or if they already have one, they can get upgrades to it, or even an annual maintenance contract. The best part is…you don’t have to choose. You just chip in, purchase the gift certificate, and let them use it however they want! It’s perfect really…There are very few people who can’t find some use for it. You can purchase the gift certificate for any amount you choose, from $35 and up. ($35.00 is still the minimum 1 hour rate for any job.) It’s perfect for young and old alike. I tutor students, and work with seniors. I’m very patient, and can help anyone who needs it to adapt to the technical era. Get one today!



WordPress 4.9.5 is HERE.

Another WordPress CORE update came out yesterday, PASS IT ON! haha…

Seriously, they do come out regularly. Do you have yours set to “automatically” update? I don’t. It’s probably more work the way I do it, because I do a full file and database backup before updating the core files…and while I have never needed that backup yet, it’s just my luck that the second I stop backing up first, an update will surely bring down my site and I won’t have the means to restore it, so my “automatic” feature is turned off. How about you? Do you do your own? Do you have someone else do them? Do you ignore them altogether? (We do have an annual service that is very reasonable if you want them done “for” you…with backups first. Just get a hold of me on the contact page, or chat, or voicemail, or however you like really.)

Anyway, back to the update. This update fixes 28 bugs and includes some major security updates.

WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented in 4.9.5:

  1. Don’t treat localhost as same host by default.
  2. Use safe redirects when redirecting the login page if SSL is forced.
  3. Make sure the version string is correctly escaped for use in generator tags.

Twenty-five other bugs were fixed in WordPress 4.9.5. Particularly of note were:

  • The previous styles on caption shortcodes have been restored.
  • Cropping on touch screen devices is now supported.
  • A variety of strings such as error messages have been updated for better clarity.
  • The position of an attachment placeholder during uploads has been fixed.
  • Custom nonce functionality in the REST API JavaScript client has been made consistent throughout the code base.
  • Improved compatibility with PHP 7.2.

(Aaron D. Campbell, 4-3-2018, “WordPress 4.9.5 Security and Maintenance Release”)

If you want to read the full Release Notes, you can read those here: https://make.wordpress.org/core/2018/04/03/wordpress-4-9-5/

If you subscribe to my blog, or my Facebook page, I do try to put out a notice for all “important” WordPress updates and/or changes, so follow if it makes life easier for you. 🙂

Holiday Days and Hours Update

The office will be closed from December 22nd until Jan 2nd, although I could be available as early as December 30th. I’m leaving town for Christmas, although ALL remote services will still be available. I’m just not taking any jobs that require me “physically” being there, or any equipment/laptop drop-offs. I will however have a computer with me, and will answer all emails and texts, and will be able to perform any remote services, like Windows issues, Website issues, etc. …any of the things I would normally do remotely. So please don’t hesitate to call just because the hours say closed; there was no field to add an explanation on Yelp or Facebook.

FROM EVERYTHING I.T.!

Website Technology Changes for Video Playback, Important!

If you have a website, or you are involved in web development, you know that things are constantly changing, right? Do you remember not too long ago before HTML 5 and CSS 3 came out and brought along all the wonderful responsive website technology that made things so nice for cell phones and tablets? Do you remember that once upon a time, we had to have a .mobile TLD (top level domain) for your URL so you could have an entire separate website for cell phones? And then came along HTML5 and CSS3 and all this wonderful new stuff that removed the scroll bar from the bottom of the webpage, and now things just AUTOMATICALLY resize depending on screen size? It seems like ages ago, but really it wasn’t that many years ago. Things change rapidly when it comes to internet technology. Sometimes, for those of us who work in it, it’s difficult to keep up with.

Anyway, today I have some information about the WebKit engine. The WebKit engine is the technology used for Safari browsers, and the Kindle browser. (Why can’t they just use the same HTML as everyone else, right?) Anyway, there are some new changes that have to do with how AUTOPLAY on videos works. So if you have video on your website, you are probably going to want to study this issue. I have read that the changes that Apple made, Chrome will also be making in early 2018. The main thing is that AUDIO will not autoplay any more. If you want sound, you have to have controls enabled. Only videos without sound will autoplay. If you want to read about the OSX and iOS WebKit changes, you can read about them here: https://webkit.org/blog/7734/auto-play-policy-changes-for-macos/