WooCommerce Unauthenticated SQL Injection Vulnerability

WooCommerce Unauthenticated SQL Injection Vulnerability

On 15th July 2021, news was going around regarding an unauthenticated SQL Injection in WooCommerce. WooCommerce released a blog post about the vulnerabilities here: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/#. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. This blog post is a short …

WooCommerce Unauthenticated SQL Injection Vulnerability Read More »

What WordPress Ransomware Is (And How to Protect Against It)

What WordPress Ransomware Is (And How to Protect Against It)

It’s no secret that security is essential to any WordPress website. Knowing all you can about possible threats may help keep your site safe. Nevertheless, staying informed about how to fight back against emerging malicious technology such as ransomware can be difficult. Fortunately, a small amount of information can go a long way. By familiarizing …

What WordPress Ransomware Is (And How to Protect Against It) Read More »

WordPress PHPMailer vulnerability analysis

On 13th May 2021, WordPress released WordPress 5.7.2, which was a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs via the addAttachment function with a UNC pathname. You may notice that there are two CVE’s in the security …

WordPress PHPMailer vulnerability analysis Read More »

The Top WordPress Vulnerabilities in 2021

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them)

There are over 28 million WordPress websites currently online. Unfortunately, this popularity makes the platform vulnerable to hacking, with attacks on WordPress sites becoming more commonplace in recent years. Like many site owners and developers, you may already be familiar with some WordPress security issues and you’re probably looking to reduce your exposure to a …

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them) Read More »

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)?

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)?

The average cost of a data breach in the US is a staggering $3.86 million. Avoiding that kind of financial blow means staying on top of your security. With supply chain attacks emerging as a particularly dangerous threat to WordPress sites, preventing them should be a top priority. Fortunately, you can take proactive steps to …

What Are WordPress Supply Chain Attacks (And How Can You Protect Against Them)? Read More »

Wordpress 5.7 One-Click HTTPS Migration

What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration

Forcing WordPress to load over HTTPS usually requires a bit of work. Most either use a plugin to simplify the task or add redirects to their .htaccess files. Unfortunately, both processes can be risky if you’re not careful. Considering how important HTTPS is for improving security and Search Engine Optimization (SEO), it’s clear that implementation …

What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration Read More »

Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

A high-severity Unrestricted File Upload vulnerability, tracked as CVE-2020–35489, was discovered in a popular WordPress plugin called Contact Form 7, currently installed on 5 Million+ websites making them vulnerable to attacks like phishing, complete site take-over, data-breach, phishing and credit card frauds. In this blog-post, we will cover what caused the flaw, an example Proof-Of-Concept (PoC) showing exploitation in a …

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites Read More »