Cross-Site Request Forgery

The Top WordPress Vulnerabilities in 2021

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them)

There are over 28 million WordPress websites currently online. Unfortunately, this popularity makes the platform vulnerable to hacking, with attacks on WordPress sites becoming more commonplace in recent years. Like many site owners and developers, you may already be familiar with some WordPress security issues and you’re probably looking to reduce your exposure to a …

The Top WordPress Vulnerabilities in 2021 (And How to Combat Them) Read More »

CVE-2020-8417: From CSRF to RCE and WordPress-site takeover

From CSRF to RCE and WordPress-site takeover: CVE-2020-8417

A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Code Snippets Vulnerability? The National Vulnerability …

From CSRF to RCE and WordPress-site takeover: CVE-2020-8417 Read More »

SQL Injection and CSRF Security Vulnerability in Loginizer

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery (CSRF). This plugin is currently installed on 500,000+ websites. About the plugin According to WordPress.org: Loginizer …

SQL Injection and CSRF Security Vulnerability in Loginizer Read More »