Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that  automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, ...
Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

CISA drafts directive to create a vulnerability disclosure policy for government websites and apps Agency seeks to centralize the effort via a standard vulnerability disclosure platform service next spring Cybersecurity veteran Katie ...
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable to this ...
Thousands of websites at risk from critical WordPress plugin vulnerability

Thousands of websites at risk from critical WordPress plugin vulnerability

A critical vulnerability in a third-party plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. The vulnerability, discovered by security researchers at Wordfence, hides in ...

Vulnerabilities Digest: June 2020

Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding ...
Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current State of ...

Vulnerable Plugins: June 2020 Update

This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. PluginVulnerabilityPatched VersionInstalls Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate ...
OneTone Vulnerability Leads to JavaScript Cookie Hijacking

OneTone Vulnerability Leads to JavaScript Cookie Hijacking

A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This specific wave ...
vulnerability disclosure marketing

Best Practices for Vulnerability Disclosure Marketing

When a data breach occurs, here’s how to handle the vulnerability disclosure to the public via marketing methods It’s no secret that data breaches are on the rise, with one occurring every ...
Security Boulevard

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server ...