Website Security News
Read the latest vulnerability disclosures affecting server applications and content management systems like WordPress, Joomla, Drupal, and Magento. Learn about major vulnerabilities in popular plugins and extensions, and how to mitigate zero-day vulnerabilities so you can prevent website hacks.
You can learn more about how we score vulnerabilities in WordPress and other platforms using the DREAD score.
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to…
The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included in this release is a patch that protects…
Read More about WordPress Update – 4.9.7 Security & Maintenance Release
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and…
Read More about SQLi Vulnerability in YITH WooCommerce Wishlist
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met,…
Update 11/03/2017: Read all about vulnerabilities and best practices to secure your website in our newly WordPress Security Guide today! During regular research audits for our Sucuri Firewall (WAF), we…
Read More about Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1
Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, were you can read all about vulnerabilities…
Read More about SQL Injection Vulnerability in WP Statistics
During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and doesn’t require a privileged account…
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin…
Read More about SQL Injection Vulnerability in NextGEN Gallery for WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered…
Read More about Content Injection Vulnerability in WordPress
Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their privileges on any Joomla site. Both…
Read More about Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869
The Joomla team released a patch for a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these versions of Joomla, you’re encouraged…
