XSS

CVE-2020-9334: Stored XSS vulnerability in Popular Gallery Plugin for WordPress

A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2020-9334, exists in a popular WordPress plugin called Envira Photo Gallery, rendering over 100,000 websites vulnerable to phishing attacks, stealing administrator’s session tokens, etc. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Envira …

CVE-2020-9334: Stored XSS vulnerability in Popular Gallery Plugin for WordPress Read More »

WordPress 5.3.1 security and maintenance release

WordPress 5.3.1 is a security and maintenance release that has 46 fixes and enhancements. And even better, it fixes serval security problems found by the following people: Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API. Simon Scannell of RIPS Technologies for finding and disclosing an issue …

WordPress 5.3.1 security and maintenance release Read More »

XSS in popular WooCommerce Product Vendors plugin

  The popular WooCommerce WordPress plugin, used by 28 percent of all online stores, was just patched against a reflected cross-site scripting vulnerability (XSS). The vulnerability was found by the company SiteLock. The plugin vulnerability was disclosed to Automattic, the owner of, via its HackerOne security bounty program. The fix for the vulnerability was released on July …

XSS in popular WooCommerce Product Vendors plugin Read More »