Vulnerabilities Digest: June 2020
John Castro Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of…
Browsing Category
Security Advisory
230 posts
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version…
Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug
Northon Torga Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you…
Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4
Marc-Alexandre Montpas An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to…
Fake French Police Sextortion Scam
Luke Leal There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method…
An Indirect Way to Change cPanel Passwords
There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is…
Zero-Day RCE in vBulletin v5.0.0-v5.5.4
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This…
Fake Human Verification Spam
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these…
Misuse of WordPress update_option() function Leads to Website Infections
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…
Spam That Fits Your Website
Gabriel Barbosa Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to…
Lightbox Adware – From Innocent Scripts to Malicious Redirects
Cesar Anjos It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the…