Tag Archives: sql injection

SQL Injection in Advance Contact Form 7 DB

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current State of the Vulnerability This plugin saves all Contact Form 7 submissions to the database using a friendly interface. Though the bug has been fixed More Info »

SQL Injection in Magento Core

Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To be exploited, the majority of these vulnerabilities require the attacker to be authenticated on the site and have some level of privilege. One of the bugs listed includes an SQL More Info »

OWASP Top 10 Security Risks – Part I

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a series of post on the OWASP top 10 security risks. OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and More Info »

SQLi Vulnerability in YITH WooCommerce Wishlist

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store, and is currently installed on 500,000+ websites. Are You at Risk? This vulnerability More Info »

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on More Info »

SQL Injection Vulnerability in WP Statistics

As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues. While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites. Are You at Risk? This vulnerability is caused by the More Info »

SQL Injection Vulnerability in Joomla! 3.7

During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site. Are You at Risk? The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. If you use this version, you More Info »

SQL Injection Vulnerability in NextGEN Gallery for WordPress

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive More Info »