Cyber Security Researcher Cyku Hong from the Taiwan-based company DEVCORE has found a serious security vulnerability in the WordPress plugin WP Statistics. This plugin is installed on over 600,000 websites and the flaw makes it possible for an attacker to conduct an SQL-injection attack. The SQL-injection attack can be used to read sensitive information such as …
A critical security vulnerability was recently discovered in the Essential Addons for Elementor, a plugin that has over a million active installations on the WordPress plugin repository. The plugin is used to “enhance your Elementor page building experience with 80+ creative elements and extensions“. One of those “creative elements” is the dynamic and product gallery …
Essential Addons for Elementor has a critical security hole Read More »
AccessPress hack underlines the importance of core file monitoring Core file integrity monitoring is when a tool is in place that ensures WordPress application files are changed only during an actual WordPress upgrade. Plugins, themes or other 3rd party code should never alter core files. The Jetpack security team discovered that 93 AccessPress WordPress add-ons …
AccessPress hack underlines the importance of core file monitoring Read More »
TL;DR: We have found no evidence that the new Trojan Source method has been used to sneak in backdoors in any of the WordPress plugins listed on WordPress.org (CVE-2021-42694 and CVE-2021-42574) A new vulnerability affecting the supply chain of Source Code for projects like Go, PHP, Python, JavaScript and many more programming languages. The vulnerability …
In this guide you will learn how to install and protect WordPress with the Open Source Web Application Firewall (WAF) ModSecurity. We will also install the latest protection rules from the OWASP Core Rule Set (CRS). A WAF is a great addition to the Cyber Security protection for your WordPress blog or website and can …
Protecting WordPress with Open Source Web Application Firewall ModSecurity Read More »
On 15th July 2021, news was going around regarding an unauthenticated SQL Injection in WooCommerce. WooCommerce released a blog post about the vulnerabilities here: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/#. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. This blog post is a short …
WooCommerce Unauthenticated SQL Injection Vulnerability Read More »
On 13th May 2021, WordPress released WordPress 5.7.2, which was a security release fixing one vulnerability that affected versions 3.7 to 5.7. This vulnerability is a PHP Object Injection vulnerability in PHPMailer (CVE-2020-36326, CVE-2018-19296) that occurs via the addAttachment function with a UNC pathname. You may notice that there are two CVE’s in the security …
WordPress versions 5.7, 5.6.2, 5.6.1, 5.6, 5.0.11 are affected to XML eXternal Entity vulnerability where an authenticated user with the ability to upload files in the Media Library can upload a malicious WAVE file that could lead to remote arbitrary file disclosure and server-side request forgery (SSRF). WordPress uses ID3 library to parse information about an audio …
WordPress XXE Vulnerability in Media Library – CVE-2021-29447 Read More »
A high-severity Unrestricted File Upload vulnerability, tracked as CVE-2020–35489, was discovered in a popular WordPress plugin called Contact Form 7, currently installed on 5 Million+ websites making them vulnerable to attacks like phishing, complete site take-over, data-breach, phishing and credit card frauds. In this blog-post, we will cover what caused the flaw, an example Proof-Of-Concept (PoC) showing exploitation in a …
Update: Due to some problems with the 5.5.2-release 5.5.3 was quickly released. WordPress 5.5.2 has been released and it contains ten security issues affecting WordPress version 5.5.1 and earlier. If you haven’t yet updated to 5.5, all previous WordPress versions since 3.7 have also been updated to fix the following security issues: Alex Concha of …