SQL Injection

WordPress 6.0.2 Security and Maintenance Release

WordPress 6.0.2 Security and Maintenance Release

A new security and maintenance WordPress-release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. This new version has version number 6.0.2. Because this release contains security fixes, it is recommended that you update all your sites immediately. All versions since WordPress 3.7 have also been updated. If you have …

WordPress 6.0.2 Security and Maintenance Release Read More »

WooCommerce Unauthenticated SQL Injection Vulnerability

WooCommerce Unauthenticated SQL Injection Vulnerability

On 15th July 2021, news was going around regarding an unauthenticated SQL Injection in WooCommerce. WooCommerce released a blog post about the vulnerabilities here: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/#. The vulnerabilities were detected on the 13th of July and fixed in WooCommerce versions 3.3.6 to 5.5.1 and WooCommerce Blocks versions 2.5.16 to 5.5.1. This blog post is a short …

WooCommerce Unauthenticated SQL Injection Vulnerability Read More »

SQL Injection and CSRF Security Vulnerability in Loginizer

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery (CSRF). This plugin is currently installed on 500,000+ websites. About the plugin According to WordPress.org: Loginizer …

SQL Injection and CSRF Security Vulnerability in Loginizer Read More »