jQuery.min.php Malware Affects Thousands of Websites
Denis Sinegubko Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
Browsing Category
Security Advisory
236 posts
Security Advisory: Stored XSS in Akismet WordPress Plugin
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Security Advisory: Stored XSS in Jetpack
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in…
WordPress Malware – Active VisitorTracker Campaign
Daniel Cid We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the…
Security Advisory: Object Injection Vulnerability in WooCommerce
During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce which could, in certain contexts, be used by an…
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by…
FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities
The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited…
Security Advisory: Persistent XSS in WP-Super-Cache
During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a…
Security Advisory: MainWP-Child WordPress Plugin
Mickael Nadeau During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to WordPress.org, it…
Security Advisory – WP-Slimstat 3.9.5 and Lower
WP-Slimstat users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by…
Advisory – Dangerous “nonce” Leak in UpdraftPlus
If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…