When it comes to WordPress, keeping your theme, plugins, and WordPress core is one of the most important tasks you have as a website owner. However, most website owners are often guilty of not applying updates and running with outdated versions of their themes and plugins. Needless to say, this leaves your website vulnerable to […]
WordPress to add auto-update feature for themes and plugins Read More »
As many of you know, WordPress is written in PHP. Finding backdoors in PHP and WordPress code can be quite tricky and sometimes almost impossible: Since backdoors could be hidden anywhere in the code and look like regular code with human coding errors, and a regular installation of WordPress consists of about 432,709 lines of
Backdooring WordPress with Phpsploit Read More »
When it comes to content management systems such as WordPress, hackers will often exploit file upload mechanisms to distribute malicious files which can be used to execute malicious code on a website, infect other websites, and allow hackers to gain full control over a server where your website is hosted. In an effort to prevent
Dozens of File Upload Vulnerabilities Found in Web Apps Read More »
A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2020-9334, exists in a popular WordPress plugin called Envira Photo Gallery, rendering over 100,000 websites vulnerable to phishing attacks, stealing administrator’s session tokens, etc. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Envira
CVE-2020-9334: Stored XSS vulnerability in Popular Gallery Plugin for WordPress Read More »
A non-trivial CSV injection vulnerability was discovered in a popular WordPress plugin called Events Manager v5.9.7.1 (active on 100,000+ websites). This makes the users’ machine vulnerable to remote attackers who can execute arbitrary commands on it. In this Blog-post, we will dive deep into what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation
100,000+ WordPress sites vulnerable due to Events Manager Plugin Read More »
A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Code Snippets Vulnerability? The National Vulnerability
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417 Read More »
According to the latest Sucuri Hacked Website Report (2018), 90% of scanned WordPress websites were infected with one or more vulnerabilities last year. That’s up 7% from the previous year and shows you just how vulnerable WordPress websites can be. (Source) While the WordPress core is built to be as secure as possible, relying on
Why You Should Perform WordPress Vulnerability Scanning Read More »
As of now, the WordPress content management system (CMS) dominates the web. In fact, WordPress powers 35% of the worldwide web, which is pretty impressive seeing as there are over 1.7 billion websites online right now. The thing is, many people will claim that WordPress is insecure. After all, according to Sucuri, a leading website
4 Compelling Reasons Why WordPress is Secure Read More »
WordPress 5.3.1 is a security and maintenance release that has 46 fixes and enhancements. And even better, it fixes serval security problems found by the following people: Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. Simon Scannell of RIPS Technologies for finding and disclosing an issue
WordPress 5.3.1 security and maintenance release Read More »
WPSec.com, Our WordPress Vulnerability Security Scanner has been updated with new functionality and reliability changes. Detect WAF – If there is a scanning problem such as a timeout, we will try to detect if there is a Web Application Firewall (WAF) blocking us. And if there is we will notify you via E-mail or on
WordPress Security Scanner reliability updates Read More »