Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered

Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw, discovered by vulnerability ...

Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand

October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin ...
Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has ...
Meetup.com Vulnerabilities Cause Privilege Escalation and Payment Redirection

Privilege Escalation on Meetup.com Enabled Redirection of Payments

The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...

92% of the world’s top websites expose customer data to attackers

Tala’s Global Data at Risk: 2020 State of the Web Report indicates that sensitive data like PII and credit card information has never been more at risk - and security effectiveness is ...

Vulnerabilities Digest: June 2020

Highlights for June 2020: Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding ...
Cross Site Scripting in YITH WooCommerce Ajax Product Filter

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current State of ...

Hackers are using the COVID-19 crisis to attack with Magecart

During these difficult times, people are increasingly relying on e-commerce. It’s never been more important to defend against Magecart and other client-side attacks, says Tala CEO Aanand Krishnan ...

Web scammers are using the COVID-19 crisis to attack your customers with Magecart and other client-side exploits

During these difficult times, people are increasingly relying on e-commerce. It’s never been more important to defend against Magecart and other client-side attacks, says Tala CEO Aanand Krishnan ...

Web scammers are using the COVID-19 crisis to attack with Magecart

During these difficult times, people are increasingly relying on e-commerce. It’s never been more important to defend against Magecart and other client-side attacks, says Tala CEO Aanand Krishnan ...