Website Security News
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0 – Arbitrary File Upload 7.0.5 70000 Real Estate 7 Reflected XSS 3.0.4 8000 CarePlus Reflected…
An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has…
As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a…
Read More about Reverse String WooCommerce WordPress Credit Card Swiper
We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” — probably referring to a Croatian Magento consulting…
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading…
Read More about Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in…
Read More about Spox Phishing Kit Harvests Chase Bank Credentials
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although these are certainly two of…
Read More about Pirated WordPress Plugins Bundled with Backdoors
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and…
It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative…
During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current…
Read More about Cross Site Scripting in YITH WooCommerce Ajax Product Filter
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated…
