Distributed Vulnerability Search – Told via Access Logs
Denis Sinegubko Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of…
Browsing Category
Vulnerability Disclosure
254 posts
WPScan Intro: WordPress Vulnerability Scanner
Alycia Mitchell Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box…
Security Advisory: Stored XSS in Akismet WordPress Plugin
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Brute Force Amplification Attacks Against WordPress XMLRPC
Daniel Cid Brute force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have…
Security Advisory: Stored XSS in Jetpack
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in…
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search…
Persistent XSS Vulnerability in WordPress Explained
Last week the WordPress team released a patch that fixed 6 security vulnerabilities. Of the six, you’ll find one that we identified a few months…
BIND9 – Denial of Service Exploit in the Wild
BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and…
Webutation Distributing Malware Through Safety Badge
Krasimir Konov If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices…
Common Website Security Terminology Defined
If you want to keep your website safe, it is important to understand the website security terminology used to describe the causes and effects of…
Security Advisory: Object Injection Vulnerability in WooCommerce
During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce which could, in certain contexts, be used by an…