Website Security News
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current State of the Vulnerability This plugin saves all Contact Form 7 submissions to the database…
While investigating the Duplicate Page plugin, we have discovered a dangerous SQL Injection vulnerability. Though the plugin wasn’t abused externally, the vulnerability impacted over 800,000 sites. Its urgency is defined…
Read More about SQL Injection in Duplicate-Page WordPress Plugin
Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To be exploited, the majority of…
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met,…
Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, were you can read all about vulnerabilities…
Read More about SQL Injection Vulnerability in WP Statistics
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and doesn’t require a privileged account…
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin…
Read More about SQL Injection Vulnerability in NextGEN Gallery for WordPress
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites. Vulnerability…
Nov 2016 Update: We released a new free guide to help you identify and remove Joomla hacks. Read the Guide! Last week, the Joomla team released an update to patch…
The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory…
Read More about Joomla 3.4.5 Released, Fixing a Serious SQL Injection Vulnerability
Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new post with recovery information and…
