Insights That Australia’s Report on Chinese Hacking Campaign Has for Securing WordPress Websites (www.pluginvulnerabilities.com): This week the Australian government released an advisory focused on a Chinese hacking campaign, which includes a couple of case studies looking in to successful hacks. The information in the advisory
Plugin Vulnerabilities (https://www.pluginvulnerabilities.com/): Provider of service to protect websites from being exploited due to vulnerable WordPress plugins.
WordPress Plugin Developers Can Use security.txt Files to Aid in Getting Security Issues Reported to Them (www.pluginvulnerabilities.com): In May, we found that numerous security providers had failed to catch that a vulnerability in the 100,000+ install WordPress plugin Genesis Block hadn't been fully fixed. It was a good reminder of the
5 WordPress Plugins Compromised; Millions of Websites at Risk (www.esecurityplanet.com): Hackers exploited popular WordPress plugins, putting millions of WordPress websites under threat.
Vulnerability in WordPress Software Bill of Materials (SBOM) Plugin Allows Anyone Access to SBOM for Website (www.pluginvulnerabilities.com): A software bill of materials (SBOM) is used to provide information on the software components that make up a larger software system. There has been a lot of focus on them recently as a way to try to b
WooCommerce is Exposing Private Product Information Through Store API (www.pluginvulnerabilities.com): While looking into something related to the now discontinued WooCommerce Blocks plugin from Automattic, we noticed what appeared to be a vulnerability in that. That plugin has long been incorporated i
Attacker Adding Malicious Code to Legitimate WordPress Plugins in Plugin Directory Quickly Caught (www.pluginvulnerabilities.com): When it comes to vulnerabilities in WordPress plugins, they often go unnoticed for years, as was the case with a vulnerability we ran across in WooCommerce this week. But with another situation in the
Reddit - Dive into anything (www.reddit.com): u/dbaseas
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack (arstechnica.com): Malicious updates available from WordPress.org create attacker-controlled admin account.
uwu whats this - Pastebin.com (pastebin.com): Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
WordPress RFC WordPress 6.0.8 Shell Upload ≈ Packet Storm (packetstormsecurity.com): Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
EP484 - Whose WordPress is it anyway? - WPwatercooler (wpwatercooler.com): On this episode, Jason Tucker and Sé Reed discuss the concept of who "owns" the WordPress open-source project and the broader question of who controls WordPress, highlighting the tension between the o...
WordPress Isn’t Warning Users of Plugin With Unfixed Vulnerability That Is Being Exploited (www.pluginvulnerabilities.com): This week, our Plugin Vulnerabilities Firewall plugin has blocked several attempts across our websites to exploit a vulnerability in a WordPress plugin. In investigating the attacks, we found that the
At Least 10,000 WordPress Websites Still Have Exploited Versions of Icegram Express Plugin Installed (www.pluginvulnerabilities.com): Yesterday, we detailed our findings on a SQL injection vulnerability that had been in the WordPress plugin Icegram Express, after having a hacker try to exploit it on our website. The vulnerability wa
Privilege Escalation Vulnerability in Pretty Links (www.pluginvulnerabilities.com): One of the changelog entries for the latest version of the WordPress plugin Pretty Links is "Security hardening." Looking at the changes made, we found that a nonce check to prevent cross-site request
Hacker Targeting Recently Incompletely Fixed Vulnerability in WordPress Plugin Icegram Express (www.pluginvulnerabilities.com): Over the weekend, we had a hacker attempt to exploit a SQL injection vulnerability that turned out to be one fixed recently in the 90,000+ install WordPress plugin Icegram Express on our website. We d
Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in WP jQuery Lightbox (WP Lightbox) (www.pluginvulnerabilities.com): One of the changelog entries for the latest version of the WordPress plugin WP jQuery Lightbox (WP Lightbox) is "Minor security fix (issue only affected authenticated users)." Checking in to that, we
AI Helps Catch CSRF Vulnerability Being Introduced in to 100,000+ Install WordPress Plugin Modula (www.pluginvulnerabilities.com): Three years ago, a prominent WordPress security provider claimed that increasing numbers of vulnerabilities claimed to be discovered in WordPress plugins was caused not by more vulnerabilities being i
Reflected Cross-Site Scripting (XSS) Vulnerability in Dynamic QR Code Generator (www.pluginvulnerabilities.com): The WordPress plugin Dynamic QR Code Generator was closed on the WordPress plugin directory last year with the only explanation given that it had a "Security Issue." No further details of the issue we
Our Proactive Monitoring Caught an Authenticated Arbitrary File Upload Vulnerability in Appointment Booking and Online Scheduling (www.pluginvulnerabilities.com): One way we help to improve the security of WordPress plugins, not just for customers of our service, but for everyone using them, is our proactive monitoring of changes made to plugins in the Plugin