Security Advisory Archives

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins

Daniel Cid

April 20, 2015

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by…

Read the Post

FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities

Daniel Cid

April 7, 2015

The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited…

Read the Post

Security Advisory: Persistent XSS in WP-Super-Cache

Marc-Alexandre Montpas

April 7, 2015

During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a…

Read the Post

Security Advisory: MainWP-Child WordPress Plugin

Mickael Nadeau

March 9, 2015

During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to WordPress.org, it…

Read the Post

Security Advisory – WP-Slimstat 3.9.5 and Lower

Marc-Alexandre Montpas

February 24, 2015

WP-Slimstat users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by…

Read the Post

Advisory – Dangerous “nonce” Leak in UpdraftPlus

Marc-Alexandre Montpas

February 3, 2015

If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…

Read the Post

AdSense Abused with Malvertising Campaign

Denis Sinegubko

January 14, 2015

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them…

Read the Post

New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider

Daniel Cid

December 24, 2014

If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the…

Read the Post

SoakSoak Malware Compromises 100,000+ WordPress Websites

Tony Perez

December 14, 2014

This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts…

Read the Post

Security Advisory – High Severity– WordPress Download Manager

Mickael Nadeau

December 3, 2014

If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall…

Read the Post

Security Advisory – High Severity – InfiniteWP Client WordPress plugin

Marc-Alexandre Montpas

December 2, 2014

If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of…

Read the Post