Global CyberSecurity
Reflected XSS in WordPress Plugin Admin Pages
The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin ...
Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster
NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such ...
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access ...
Using assert() to Execute Malware in PHP 7 Environments
Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the ...
Persistent WordPress User Injection
Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The ...
Magento Multiversion (1.x/2.x) Backdoor
The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to ...
COVID-19 Chloroquine Pharmaspam
A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The ...