When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak …
WPScan Intro: WordPress Vulnerability Scanner
Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box vulnerability scanner for …
Security advisory: Stored XSS in Jetpack
Security Risk: Dangerous; Exploitation Level: Easy/Remote; DREAD Score: 8/10; Vulnerability: Stored XSS; Patched Version: 3.7.1. During a routine audit for our WAF, …
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search …
Magento Shoplift (SUPEE-5344) Exploits in the Wild
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can …
Creative Evasion Technique Against Website Firewalls
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to …
Security Advisory – High Severity – WordPress Download Manager
Advisory for: WordPress Download Manager; Security Risk: Very High; Exploitation level: Easy/Remote; DREAD Score: 9/10; Vulnerability: Code Execution / Remote File …
Security advisory – High severity – InfiniteWP Client WordPress plugin
Advisory for: InfiniteWP Client for WordPress; Security Risk: High (DREAD score: 8/10); Exploitation level: Easy/Remote; Vulnerability: Privilege escalation and …
JoomDonation Compromised
We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into …