New WordPress vulnerability checks week 34

The following three new WordPress plugin vulnerability checks has been added to WPScans: Embed Images in Comments <= 0.5 – Unauthenticated Stored XSS Bridge Theme <= 11.1 – DOM Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.50 – Authenticated SQL Injection Run your free scan at https://wpscans.com

Using OSSEC to monitor directory and file changes in WordPress

OSSEC is an open source host-based intrusion detection system (HIDS) that can be used to monitor file system changes on an operating system. In this article, you’ll learn how to use it to monitor directory and file system changes on WordPress installations. OSSEC in a manager-agent HIDS, where the manager and agent can be installed …

Using OSSEC to monitor directory and file changes in WordPress Read More »

New WordPress vulnerability checks week 33

The following six new WordPress plugin vulnerability checks has been added to WPScans: AddToAny Share Buttons <= 1.7.14 – Conditional Host Header Injection Link-Library <= 5.9.13.26 – Authenticated SQL Injection I Recommend This <= v3.7.7 – Authenticated SQL Injection wordpress-gallery- transformation 1.0 – Blind SQL Injection rk-responsive-contact-form 1.0 – Authenticated Blind SQL Injection Event Espresso …

New WordPress vulnerability checks week 33 Read More »

SQL Injection and CSRF Security Vulnerability in Loginizer

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery (CSRF). This plugin is currently installed on 500,000+ websites. About the plugin According to WordPress.org: Loginizer …

SQL Injection and CSRF Security Vulnerability in Loginizer Read More »

New owner

WPScans.com was recently sold on Flippa.com and I would like to introduce myself as the new owner. My name is Jonas Lejon and i’ve been working with Cyber Security since 17 years. The last 7 years I have also been working with WordPress Security. In the past i’ve built several security related web services such …

New owner Read More »