Tag Archives: Wordpress plugins

SQL Injection Vulnerability in NextGEN Gallery for WordPress

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive More Info »

SQL Injection Vulnerability in Ninja Forms

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently installed on 600,000+ websites. Vulnerability Disclosure Timeline: August 11th 9:35 am, 2016 – Initial report to the Ninja Forms team August 11th 2:49 pm, 2016 – Public release of version… More Info »

A Plugin’s Expired Domain Poses a Security Threat to Websites

Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clients and our readers. Applying updates quickly will make sure that you replace any vulnerable code as soon as the security patch is released. However, this isn’t the only reason to keep… More Info »

Phishing Attacks Target Ecommerce Checkout Pages

Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where attackers targeted checkout pages and payment modules via malicious “patches” designed to steal payment details. These thefts can’t be easily detected by customers (no visible signs) nor the site owners… More Info »

Security Advisory: Stored XSS in Jetpack

During regular research audits for our Sucuri Firewall (Cloud-based WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites. The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet. Vulnerability Disclosure Timeline:… More Info »

9 Best Audio Player Plugins for WordPress

For the music lovers and for those who wants to add music or playlist to their website this article is for you. 9 Best Audio Player Plugins for WordPress WordPress has built-in support to handle audio files in various formats. It can automatically embed an audio file in a supported format, but what if you More Info »

The Best Related Posts Plugins for WordPress

By Jenni McKinnon Is your bounce rate high? Are users leaving your site after reading just one post? Encouraging people to stick around and browse your site can be a challenge. In today’s Weekend WordPress Project we’ll look at how you can display related and promoted posts in WordPress, so when a user has finished More Info »