• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Blog Category: Vulnerability Disclosure

vulnerability-disclosure-blog-category

Read the latest vulnerability disclosures affecting server applications and content management systems like WordPress, Joomla, Drupal, and Magento. Learn about major vulnerabilities in popular plugins and extensions, and how to mitigate zero-day vulnerabilities so you can prevent website hacks.

You can learn more about how we score vulnerabilities in WordPress and other platforms using the DREAD score.

April 2022 Sucuri Vulnerability Roundup

April 26, 2022Antony Garand

Vulnerability Roundup – April 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important…

Read More about Vulnerability Roundup – April 2022

April 13, 2022Antony Garand

Critical RCE Vulnerability in Elementor WordPress Plugin

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin…

Read More about Critical RCE Vulnerability in Elementor WordPress Plugin

February 16, 2022Ben Martin

Adobe Patches Critical RCE Vulnerability in Magento2

On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS…

Read More about Adobe Patches Critical RCE Vulnerability in Magento2

December 21, 2021Ben Martin

Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic Marc Montpas recently discovered two…

Read More about Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

December 14, 2021Ben Martin

Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the…

Read More about Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

Vulnerability in Magento

August 13, 2021Ben Martin

Adobe Patches Critical Magento Vulnerabilities in Recent Update

Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according…

Read More about Adobe Patches Critical Magento Vulnerabilities in Recent Update

WordPress Vulnerablity Disclosre

May 17, 2021Ben Martin

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which…

Read More about Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

PHP repository exploited by hackers

March 29, 2021Antony Garand

PHP Repository Exploited by Hackers

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully,…

Read More about PHP Repository Exploited by Hackers

WordPress Vulnerability

January 19, 2021Rodrigo Escobar

Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin

In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of these patterns allows us to…

Read More about Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin

WordPress Vulnerability Detail

October 30, 2020Marc-Alexandre Montpas

Reflected XSS in WordPress v5.5.1 and Lower

WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug in the way WordPress determines…

Read More about Reflected XSS in WordPress v5.5.1 and Lower

WordPress Vulnerability

September 4, 2020John Castro

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that  automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram,…

Read More about Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.