On December 11, 2023, WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installations) that was…
If you own a website and collaborate with other people, the Principle of Least Privilege (PoLP) is a crucial security concept which has applications and…
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
The complexity of modern websites exposes countless potential vulnerabilities to lurking attackers. One of the most underestimated threats? Broken Access Control (BAC). The risk lies…
One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus…
On December 1, 2023, several security researchers reported a new phishing campaign targeting WordPress administrators. WordPress site owners had started receiving emails from WordPress.com…
On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days…