• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Search Results for: RCE

CORS cross origin resource sharing

October 21, 2020Northon Torga

A Quick Glance at Cross-Origin Resource Sharing Security Headers

Thanks to the rapid growth of JavaScript frameworks such as Angular, Vue, and React, CORS has become a popular word in the developer’s vocabulary. When requesting information from an external source such as an API (a pretty common practice for client-side JavaScript code), the origin…

Read More about A Quick Glance at Cross-Origin Resource Sharing Security Headers

Reverse String WooCommerce

July 27, 2020Ben Martin

Reverse String WooCommerce WordPress Credit Card Swiper

As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a…

Read More about Reverse String WooCommerce WordPress Credit Card Swiper

cPanel Password Reset Vulnerability

June 22, 2020John Castro

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter  plugin. Current…

Read More about Cross Site Scripting in YITH WooCommerce Ajax Product Filter

PinnacleCart Server-Side Skimmer & Backdoor

May 15, 2020Luke Leal

WordPress Malware Collects Sensitive WooCommerce Data

During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These…

Read More about WordPress Malware Collects Sensitive WooCommerce Data

WordPress Database Bruteforce

March 11, 2020Denis Sinegubko

WordPress Database Brute Force and Backdoors

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not…

Read More about WordPress Database Brute Force and Backdoors

Fake AmeriCommerce Shopping Cart

January 23, 2020Denis Sinegubko

Fake AmeriCommerce Shopping Cart

Our malware analyst Liam Smith recently found malware on a client’s site that targets ecommerce sites powered by AmeriCommerce software. A popular ecommerce software solution that allows users to run…

Read More about Fake AmeriCommerce Shopping Cart

Black Friday Cyber Monday Threats

November 25, 2019Luke Leal

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November…

Read More about Black Friday/Cyber Monday Ecommerce Security Threats

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

September 25, 2019Marc-Alexandre Montpas

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It…

Read More about Zero-Day RCE in vBulletin v5.0.0-v5.5.4

Labs Note

September 18, 2019John Castro

Unauthenticated settings update in woocommerce-ajax-filters

woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an external malicious URL when the…

Read More about Unauthenticated settings update in woocommerce-ajax-filters

How to Improve Ecommerce Security

August 28, 2019Chase Watts

How to Improve Ecommerce Security

If you have an ecommerce website, you are certainly concerned about its security. Business revenue depends on your online presence and having a website compromise is far from desirable. In…

Read More about How to Improve Ecommerce Security

Stolen Payment Data Infected Ecommerce Website to Darknet Markets

July 16, 2019Luke Leal

Stolen Payment Data: Infected Ecommerce Website to Darknet Markets

The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it….

Read More about Stolen Payment Data: Infected Ecommerce Website to Darknet Markets

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.