WPSec.com, our WordPress Vulnerability Security Scanner, has been updated with new functionality and reliability changes.

Detect WAF – If there is a scanning problem such as a timeout, we will try to detect whether a Web Application Firewall (WAF) is blocking us. If there is, we will notify you via e-mail or on the web.

Timeout detection – If there is a timeout, we will now notify you. We will also skip the current scan, move on to the next one in the schedule, and run a WAF scan.

No plugins found – If we can’t find any plugins, we will now notify you. We will also run a WAF scan to see if the problem might be related to[…]

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery (CSRF). This plugin is currently installed on 500,000+ websites.

About the plugin

According to WordPress.org: Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.

Are You at Risk?

This vulnerability is caused by the lack of[…]