ThinkPHP 5.x Remote Code Execution

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia.
If you keep track of your site’s activity, the following log may look familiar:
POST: /index.php?s=captcha HTTP/1.1
D… Continue reading ThinkPHP 5.x Remote Code Execution

SQL Injection in Advance Contact Form 7 DB

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin.
Current State of the Vulnerability
This plugin saves all Contact F… Continue reading SQL Injection in Advance Contact Form 7 DB

Attacks on Closed WordPress Plugins

The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.
However, bad actors are actively monitoring the WordPress plugin repository, … Continue reading Attacks on Closed WordPress Plugins

SQLi Vulnerability in YITH WooCommerce Wishlist

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containin… Continue reading SQLi Vulnerability in YITH WooCommerce Wishlist