MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
Daniel Cid A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due…
Browsing Category
Vulnerability Disclosure
254 posts
SQL Injection Vulnerability – vBulletin 5.x
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member…
Disclosure: Insecure Nonce Generation in WPtouch
Marc-Alexandre Montpas If you use the popular WPtouch plugin (5M+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF,…
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file…
TimThumb WebShot Code Execution Exploit (Zeroday)
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned.…
Disclosure: Remote Code Execution Vuln in Disqus
We recently found a security vulnerability in the Disqus Comment System plugin for WordPress. It could, under very specific conditions, allow an attacker to perform…
Vulnerability found in the All in One SEO Pack WordPress Plugin
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching…
Critical Update for JetPack WordPress Plugin
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to…
JCE Joomla Extension Attacks in the Wild
Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content…
Security Exploit Patched on vBulletin – PHP Object Injection
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8,…
Joomla Security Updates – Version 2.5.19 and 3.2.3 Released
The Joomla team just released two security updates and pushed out the stable versions for Joomla 2.5.19 and 3.2.3. If you run your site on…