Joomla Account Creation Vulnerability
Daniel Cid The Joomla team released a patch for a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these…
Browsing Category
Vulnerability Disclosure
254 posts
SQL Injection Vulnerability in Ninja Forms
Marc-Alexandre Montpas As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently…
WP Mobile Detector Vulnerability Being Exploited in the Wild
Douglas Santos ***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t…
Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highly…
Security Advisory: Stored XSS in Jetpack
During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…
ImageMagick Remote Command Execution Vulnerability
ImageMagick is a popular software used to convert, edit and manipulate images. It has libraries for all common programming languages, including PHP, Python, Ruby and…
Security Advisory: Stored XSS in bbPress
During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on…
Security Advisory: Stored XSS in Magento
During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely.…
Using WPScan: Finding WordPress Vulnerabilities
Alycia Mitchell When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if…
Vulnerability Details: Joomla! Remote Code Execution
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected…
Critical 0-day Remote Command Execution Vulnerability in Joomla
Nov 2016 Update: If you need to clean your hacked Joomla site, we have released a new free guide to show you how to identify…