The following six new WordPress plugin vulnerability checks has been added to WPScans: AddToAny Share Buttons <= 1.7.14 – Conditional Host Header Injection Link-Library <= 5.9.13.26 – Authenticated SQL Injection I Recommend This <= v3.7.7 – Authenticated SQL Injection wordpress-gallery- transformation 1.0 – Blind SQL Injection rk-responsive-contact-form 1.0 – Authenticated Blind SQL Injection Event Espresso …
As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery (CSRF). This plugin is currently installed on 500,000+ websites. About the plugin According to WordPress.org: Loginizer …
SQL Injection and CSRF Security Vulnerability in Loginizer Read More »
This is our new logo for the WPScans.com WordPress Security Scanner. The logo was created by the talented Makmoer at 99designs.com, you see some of his work here.
WPScans.com was recently sold on Flippa.com and I would like to introduce myself as the new owner. My name is Jonas Lejon and i’ve been working with Cyber Security since 17 years. The last 7 years I have also been working with WordPress Security. In the past i’ve built several security related web services such …