Website Security News
Read the latest vulnerability disclosures affecting server applications and content management systems like WordPress, Joomla, Drupal, and Magento. Learn about major vulnerabilities in popular plugins and extensions, and how to mitigate zero-day vulnerabilities so you can prevent website hacks.
You can learn more about how we score vulnerabilities in WordPress and other platforms using the DREAD score.
Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according to Adobe, although they list only 16 specific issues in the patch notes. Eleven of…
Read More about Adobe Patches Critical Magento Vulnerabilities in Recent Update
If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which…
Read More about Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully,…
In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of these patterns allows us to…
Read More about Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin
WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug in the way WordPress determines…
NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram,…
Read More about Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable…
Read More about Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and…
During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current…
Read More about Cross Site Scripting in YITH WooCommerce Ajax Product Filter
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated…
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection — 100000 Add-on SweetAlert Contact Form…
