This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate Authenticated SQL Injection 5.8.4 40000 Brizy – Page Builder Improper Access Controls 1.0.126 60000 Careerfy Unauthenticated XSS 3.9.0 5000 SportsPress More Info »
Tag Archives: vulnerability
Security Advisory: Stored XSS in bbPress
Exploitation Level: Easy/Remote DREAD Score: 6/10 Vulnerability: Stored XSS Patched Version: bbPress 2.5.9 During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on 300,000 live websites – one of them being the popular wordpress.org support forum. Vulnerability Disclosure Timeline: AprilRead More Info »
A tale of a DNS exploit: CVE-2015-7547
This post was written by Marek Vavruša and Jaime Cochran, who found out they were both independently working on the same glibc vulnerability attack vectors at 3am last Tuesday. A buffer overflow error in GNU libc DNS stub resolver code was announced last week as CVE-2015-7547. While it doesn’t have any nickname yet (last year’s More Info »
Using WPScan: Finding WordPress Vulnerabilities
When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list ofRead More Info »
A Different Kind of POP: The Joomla Unserialize Vulnerability
At CloudFlare, we spend a lot of time talking about the PoPs (Points of Presence) we have around the globe, however, on December 14th, another kind of POP came to the world: a vulnerability being exploited in the wild against Joomla’s Content Management System. This is known as a zero day attack, where it has More Info »
WPScan Intro: WordPress Vulnerability Scanner
Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box vulnerability scanner for WordPress sponsored by Sucuri and maintained by the WPScan Team, available free for Linux and Mac users. If you use Windows, you can install a virtual machineRead More Info »
Magento Shoplift (SUPEE-5344) Exploits in the Wild
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can be exploited to take over a vulnerable Magento site. They have prepared the following video showing a Proof of Concept (PoC) in which they create a fake coupon: That’sRead More Info »
Creative Evasion Technique Against Website Firewalls
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win and surely there had to be a way through the existing evasion controls. This post is going to be a bit code-heavy for most end-users, More Info »
Security Advisory – High Severity– WordPress Download Manager
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote File Inclusion Risk Version: <2.7.4 If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall (WAF), we found a dangerous More Info »
Security advisory – High severity – InfiniteWP Client WordPress plugin
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall More Info »
