Website Security News
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important…
Read More about WordPress Vulnerabilities & Patch Roundup — July 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help…
Read More about WordPress Vulnerabilities & Patch Roundup — June 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. We’ve compiled…
Read More about WordPress Vulnerabilities & Patch Round-up — May 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help…
Read More about WordPress Vulnerabilities & Patch Roundup — April 2022
Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin…
Read More about Critical RCE Vulnerability in Elementor WordPress Plugin
The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully,…
The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator…
Read More about Reflected XSS in WordPress Plugin Admin Pages
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable…
Read More about Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research,…
Read More about Duplicated Vulnerabilities in WordPress Plugins
A reflected XSS vulnerability has recently been found in the Cookiebot plugin plugin, impacting a user base of over 40k installs. Versions prior to 3.6.1 are susceptible to this attack,…
Read More about Reflected XSS in Cookiebot Administrative Page
A patch for a vulnerability in the Advanced Ads plugin has been released. Prior to version 1.17.4, attackers were able to exploit two reflected XSS attacks via the admin dashboard….
Read More about Reflected XSS in Advanced Ads Admin Dashboard
