Website Security News
The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7. This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable. Timeline 2019/06/26 – Initial contact to…
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain information such as the browser…
Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. During a recent audit of the plugin, we found…
Read More about WordPress Plugin Give – Stored XSS for Donors
The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and delete your wp-config.php file, which…
Read More about Multiple Vulnerabilities in the WordPress Ultimate Member Plugin
While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises. Now it’s being leveraged again…
