Vulnerability Disclosure

Reflected XSS in WordPress v5.5.1 and Lower

Reflected XSS in WordPress v5.5.1 and Lower

| | Black Hat Tactics, Hacked Websites, Malware, Sucuri Labs, Vulnerability Disclosure, Website Security, wordpress security
WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug in the way WordPress determines a user’s ...
Sucuri Blog
Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

| | Vulnerability Disclosure, WordPress Plugins and Themes
NextScripts: Social Networks Auto-Poster is a plugin that  automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, ...
Sucuri Blog
Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

| | 9/11, bug bounty, bug bounty program, cisa, Department of Homeland Security, directive, Federal, government, Industry News, responsible disclosure, vulnerability, Vulnerability Disclosure
CISA drafts directive to create a vulnerability disclosure policy for government websites and apps Agency seeks to centralize the effort via a standard vulnerability disclosure platform service next spring Cybersecurity veteran Katie ...
HOTforSecurity
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

| | Malware Cleanup, Secure Development, Vulnerability Disclosure, WordPress Plugins and Themes, wordpress security
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable to this ...
Sucuri Blog
Thousands of websites at risk from critical WordPress plugin vulnerability

Thousands of websites at risk from critical WordPress plugin vulnerability

| | Industry News, Vulnerability Disclosure, vulnerability exploit, WordPress exploit, Wordpress vulnerability
A critical vulnerability in a third-party plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. The vulnerability, discovered by security researchers at Wordfence, hides in ...
HOTforSecurity

Vulnerabilities Digest: June 2020

| | Black Hat Tactics, Hacked Websites, Malware Updates, Redirects, Security Advisory, Security Education, SEO spam, Vulnerability Disclosure, Webserver Infections, WordPress Plugins and Themes, XSS
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding ...
Sucuri Blog
Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

| | Black Hat Tactics, Hacked Websites, Vulnerability Disclosure, WordPress Plugins and Themes, XSS
During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current State of ...
Sucuri Blog

Vulnerable Plugins: June 2020 Update

| | Black Hat Tactics, Hacked Websites, Malware, Obfuscation, Redirects, Security Advisory, vulnerability, Vulnerability Disclosure, WordPress Plugins and Themes
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. PluginVulnerabilityPatched VersionInstalls Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate ...
Sucuri Blog
OneTone Vulnerability Leads to JavaScript Cookie Hijacking

OneTone Vulnerability Leads to JavaScript Cookie Hijacking

| | Black Hat Tactics, Hacked Websites, Vulnerability Disclosure, Website Backdoor, Website Malware Infections, Website Security, WordPress Plugins and Themes, wordpress security, XSS
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This specific wave ...
Sucuri Blog
vulnerability disclosure marketing

Best Practices for Vulnerability Disclosure Marketing

| | Data breach, Marketing, Security Awareness, Vulnerability Disclosure
When a data breach occurs, here’s how to handle the vulnerability disclosure to the public via marketing methods It’s no secret that data breaches are on the rise, with one occurring every ...
Security Boulevard
Load more