Welcome to Stratusclear

Latest Blog Posts

  • Arbitrary Directory Deletion in WP-Fastest-Cache

    The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) that is present when the plugin is installed alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path …

  • Uncommon Radixes Used in Malware Obfuscation

    Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number? I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file. There were several layers of obfuscation. During the final stage of decoding, I …

  • Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro

    While investigating the SiteGround Optimizer and Caldera Forms Pro plugins, we discovered a critical privilege escalation vulnerability. It was not being abused externally and impacts over 500,000 sites. Its urgency is defined by the associated DREAD score, which looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of …

NEED WORDPRESS HELP?

We will get the job done! Finding innovative solutions to your obstacles is our specialty.