Vulnerability Disclosure Archives

Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro

Marc-Alexandre Montpas
March 13, 2019

While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability. It was not being abused externally and…

Read the Post

Outdated Duplicator Plugin RCE Abused

Peter Gramantik
September 14, 2018

We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked…

Read the Post

WordPress Update – 4.9.7 Security & Maintenance Release

Marc-Alexandre Montpas
July 5, 2018

The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included in this release…

Read the Post

SQLi Vulnerability in YITH WooCommerce Wishlist

John Castro
January 16, 2018

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress.…

Read the Post

SQL Injection in bbPress

Marc-Alexandre Montpas
November 13, 2017

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If…

Read the Post

Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1

Rodolfo Assis
September 26, 2017

Update 11/03/2017: Read all about vulnerabilities and best practices to secure your website in our newly WordPress Security Guide today! During regular research audits for…

Read the Post

SQL Injection Vulnerability in WP Statistics

John Castro
June 30, 2017

Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, were you…

Read the Post

SQL Injection Vulnerability in Joomla! 3.7

Marc-Alexandre Montpas
May 17, 2017

During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and…

Read the Post

SQL Injection Vulnerability in NextGEN Gallery for WordPress

Slavco Mihajloski
February 27, 2017

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…

Read the Post

Content Injection Vulnerability in WordPress

Marc-Alexandre Montpas
February 1, 2017

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…

Read the Post

Joomla Exploits in the Wild Against CVE-2016-8870 and CVE-2016-8869

Daniel Cid
October 28, 2016

Exactly 3 days ago, the Joomla team issued a patch for a high-severity vulnerability that allows remote users to create accounts and increase their privileges…

Read the Post