Adobe Patches Critical RCE Vulnerability in Magento2
Ben Martin On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked…
Browsing Category
Vulnerability Disclosure
254 posts
Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites
Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic…
What is the Log4j Vulnerability?
Editorial: This post was last updated October 17th, 2022. What is the Log4j vulnerability? Originally found on the popular game Minecraft, this critical server security…
Adobe Patches Critical Magento Vulnerabilities in Recent Update
Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of…
Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a…
PHP Repository Exploited by Hackers
Antony Garand The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject…
Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin
Rodrigo Escobar In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of…
Reflected XSS in WordPress v5.5.1 and Lower
Marc-Alexandre Montpas WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster
John Castro NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger,…
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of…
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of…