Critical Persistent XSS 0day in WordPress
Marc-Alexandre Montpas *Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…
Browsing Category
Vulnerability Disclosure
254 posts
Magento Shoplift (SUPEE-5344) Exploits in the Wild
Daniel Cid As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it…
Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately!
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more than two months…
Security Advisory: Persistent XSS in WP-Super-Cache
During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a…
Understanding WordPress Plugin Vulnerabilities
When WordPress vulnerabilities are disclosed in plugins, there are often many questions. Some are minor issues, some are more relevant, while others are what we’d…
Security Advisory: MainWP-Child WordPress Plugin
Mickael Nadeau During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to WordPress.org, it…
Malware Cleanup to Arbitrary File Upload in Gravity Forms
Rodrigo Escobar During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it…
Security Advisory – WP-Slimstat 3.9.5 and Lower
WP-Slimstat users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by…
Vulnerability Disclosures – A Note To Developers
This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code.…
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
Zero-day in the Fancybox-for-WordPress Plugin
Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites.…