Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005
Daniel Cid It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highly…
Browsing Category
Security Advisory
209 posts
Security Advisory: Stored XSS in Jetpack
Marc-Alexandre Montpas During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…
ImageMagick Remote Command Execution Vulnerability
ImageMagick is a popular software used to convert, edit and manipulate images. It has libraries for all common programming languages, including PHP, Python, Ruby and…
Security Advisory: Stored XSS in bbPress
During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on…
Beware of Unverified TLS Certificates in PHP & Python
Peter Kankowski Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your…
Security Advisory: Stored XSS in Magento
During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely.…
jQuery.min.php Malware Affects Thousands of Websites
Denis Sinegubko Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
Security Advisory: Stored XSS in Akismet WordPress Plugin
During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Security Advisory: Stored XSS in Jetpack
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in…
WordPress Malware – Active VisitorTracker Campaign
We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the…
Security Advisory: Object Injection Vulnerability in WooCommerce
During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce which could, in certain contexts, be used by an…