Tag: Vulnerability Disclosure

SQL Injection Vulnerability in Ninja Forms

August 16, 2016

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, … [Read more...]

WP Mobile Detector Vulnerability Being Exploited in the Wild

June 2, 2016

***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t … [Read more...]

Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005

May 31, 2016

It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highly … [Read more...]

Security Advisory: Stored XSS in Jetpack

May 27, 2016

During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, … [Read more...]

Security Advisory: Stored XSS in Magento

January 22, 2016

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 7/10 Vulnerability: Stored XSS Patched Version: Magento CE: 1.9,2.3, Magento EE: 1.14.2.3 … [Read more...]

Vulnerability Details: Joomla! Remote Code Execution

December 15, 2015

The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty … [Read more...]

Security Advisory: Stored XSS in Akismet WordPress Plugin

October 14, 2015

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 9/10 Vulnerability: Stored XSS Patched Version: 3.1.5 During a routine audit for our WAF, … [Read more...]

Security advisory: Stored XSS in Jetpack

October 1, 2015

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Stored XSS Patched Version: 3.7.1 During a routine audit for our WAF, … [Read more...]

Persistent XSS Vulnerability in WordPress Explained

August 11, 2015

Security Risk: Dangerous Exploitation level: Easy DREAD Score: 6/10 Vulnerability: Persistent XSS Patched Version: 4.2.4 Last week the WordPress team released … [Read more...]

BIND9 – Denial of Service Exploit in the Wild

August 2, 2015

BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most … [Read more...]