Vulnerabilities Digest: March 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs Cookiebot Reflected Cross-Site Scripting 3.6.1 40000 Data Tables Generator By Supsystic Authenticated Stored XSS 1.9.92 30000…
Browsing Category
Website Security
1012 posts
VPN: A Key to Securing an Online Work Environment
Marc Kranat The current COVID-19 epidemic is changing the way people work, rapidly moving to working remotely as I have done for 20 years. I am providing…
Assemble the Cookies
Luke Leal When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these…
Tiny WSO Webshell Loader
A PHP webshell is a common tool found on compromised environments. Attackers use webshells as backdoors, allowing them to maintain unauthorized access to a hacked…
Free Sucuri WAF for Medical & Social Services
Chase Watts During the COVID-19 pandemic, there is concern about health systems worldwide. Many people in isolation or self-quarantine are looking for accurate medical information online on…
Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns
Justin Channell Online bad actors tend to take advantage of tragedy for their own gain – and the coronavirus is no different. While we would hope that…
Tips for New Remote Workers
Juliana Lewis With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality…
Reflected XSS in Advanced Ads Admin Dashboard
Antony Garand A patch for a vulnerability in the Advanced Ads plugin has been released. Prior to version 1.17.4, attackers were able to exploit two reflected XSS…
2020 Website Security Glossary
Art Martori As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone,…
Innocent Defacement
Cesar Anjos When we talk about defacements, we’re usually referring to attacks leading to a visual takeover of a website’s page ― consider it a form of…
Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…