Security – Internet, WordPress, and otherwise

igniteup-3-4-1-multiple-issues Theme Builder Layout

IgniteUp < 3.4.1 – Multiple Issues

All issues can be triggered by unauthenticated users: - Arbitrary File Deletion - HTML injection & CSRF in email messages - Stored Cross-Site Scripting - Disclosure of subscribers' email address - Arbitrary subscriber deletion - Arbitrary plugin’s template...

read more
5-common-wordpress-security-issues Theme Builder Layout

5 Common WordPress Security Issues

If you own a WordPress-powered website or are considering using WordPress as your CMS, you may be concerned about potential WordPress security issues. In this post, we’ll outline a few of the most common WordPress security vulnerabilities, along with steps you can...

read more
wp-vcd-the-malware-you-installed-on-your-own-site Theme Builder Layout

WP-VCD: The Malware You Installed On Your Own Site

One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new...

read more
how-to-protect-your-wordpress-site-from-getting-hacked Theme Builder Layout

How to Protect Your WordPress Site from Getting Hacked

There is nothing scarier than your WordPress site being compromised and you feel helpless not knowing what to do to protect your WordPress site from Hackers. It takes a toll on your business, your revenue, your brand’s reputation and you even lose your sleep over it....

read more
groundhogg Theme Builder Layout

Groundhogg <= – Authenticated Reflected XSS

Proof of Concept # Exploit Title: Wordpress Groundhogg <= Authenticated Reflected XSS Vulnerability # Date: 22-10-2019 # Exploit Author: Lucian Ioan Nitescu # Contact: # Webiste: # Vendor...

read more
case-of-the-invisible-css-selection Theme Builder Layout

Case of the Invisible CSS ::selection

Recently I noticed a weird bug in my free WordPress security plugin, Banhammer. For some reason, I could not select any text on the page. Usually when you click and move the mouse cursor over some text, it becomes highlighted and displayed in some other color. But...

read more
stored-xss-patched-in-syntaxhighlighter-evolved-plugin Theme Builder Layout

Stored XSS Patched in SyntaxHighlighter Evolved Plugin

This entry was posted in Vulnerabilities, WordPress Security on October 22, 2019 by Matt Barry   2 RepliesDescription: Stored XSSCVSS Severity Score: 6.1 (Medium)CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NAffected Software:...

read more
open-redirect-vulnerability-patched-in-bridge-theme Theme Builder Layout

Open Redirect Vulnerability Patched In Bridge Theme

Description: Open RedirectCVSS v3.0 Score: 7.1 (High)CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LAffected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter FeedPlugin Slugs:...

read more
how-to-detect-and-fix-wordpress-malware-redirect-hack Theme Builder Layout

How to Detect and Fix WordPress Malware Redirect Hack

Dealing with a WordPress Malware Redirect Hack, in general, is always a frustrating experience. The malware can come in many forms and present itself with different symptoms, so to speak. It can change the layout of your site, something referred to as defacing, it can...

read more
sliced-invoices Theme Builder Layout

Sliced Invoices <= 3.8.2 – Multiple Vulnerabilities

Description- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods...

read more
wordpress-5-2-4-release-addresses-several-security-issues Theme Builder Layout

WordPress 5.2.4 Release Addresses Several Security Issues

The core WordPress team released version 5.2.4 of WordPress on October 14. The release addresses six security issues that were all privately reported through WordPress’ responsible disclosure procedure. Like any security release, users should update immediately to the...

read more
wordpress-5-2-4-security-release Theme Builder Layout

WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues.WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have...

read more

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More