Tag Archives: Vulnerability Disclosure

ThinkPHP 5.x Remote Code Execution

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar: POST: /index.php?s=captcha HTTP/1.1 Data: _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig In December 2018, a working exploit was released for the versions v5.0.23 and More Info »

SQL Injection in Advance Contact Form 7 DB

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current State of the Vulnerability This plugin saves all Contact Form 7 submissions to the database using a friendly interface. Though the bug has been fixed More Info »

SQL Injection in Duplicate-Page WordPress Plugin

While investigating the Duplicate Page plugin we have discovered a dangerous SQL Injection vulnerability. It was not being abused externally and impacts over 800,000 sites. It’s urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of this vulnerability is that More Info »

SQL Injection in Magento Core

Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To be exploited, the majority of these vulnerabilities require the attacker to be authenticated on the site and have some level of privilege. One of the bugs listed includes an SQL More Info »

Stored XSS Patched in WordPress 5.1.1

WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn’t have this fix applied. We are not aware of any exploit attempts using the vulnerability currently. Should More Info »

Zero-Day Stored XSS in Social Warfare

A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the site. A patch has been released and More Info »

0day Vulnerability in Easy WP SMTP Affects Thousands of Sites

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version 1.3.9, has been seen exploited in the More Info »

Arbitrary Directory Deletion in WP-Fastest-Cache

The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path More Info »

Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro

While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability. It was not being abused externally and impacts over 500,000 sites. It’s urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of More Info »