Collaborate Disseminate
I’m currently testing the search feature on a website, and I’ve encountered an interesting behavior. The site displays the search query in the page itself, even if it’s an XSS payload (although it doesn’t trigger any XSS). Here are the det… Continue reading Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]
I recently reported a Reflected Cross-Site Scripting (XSS) on a wordpress site which was running Yoast CEO 22.4 which is vulnerable to Reflected XSS. see CVE-2024-4041
However The company is demanding me for a Poc or it won’t accept the bu… Continue reading Is there a Poc for Yoast SEO < 22.6 – Reflected Cross-Site Scripting (CVE-2024-4041)
An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it … Continue reading Compromised plugins found on WordPress.org
Five WordPress plugins were injected with malicious code that creates a new administrative account.
The post Several Plugins Compromised in WordPress Supply Chain Attack appeared first on SecurityWeek.
Continue reading Several Plugins Compromised in WordPress Supply Chain Attack
I have installed a Nginx WAF with Modsecurity CRS. This WAF protects a backend WordPress.
One request from one of the plugins generated a false positive on the Modsecurity with the rule id 933120.
I identified it in the audit log, studied … Continue reading How do I unblock a request uri in Modsecurity CRS?
Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular WP… Continue reading Popular WordPress Plugins Leave Millions Open to Backdoor Attacks
Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites.
The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek.
Continue reading Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors
Our WordPress site has about 11.500 posts and (sad but true) a wild mix of internal links with and without trailing slash.
We are looking for a way to remove all trailing / from all internal links.
Does someone have a good idea?
Continue reading WordPress: How to remove trailing slash from all internal links? [closed]
By Deeba Ahmed
Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress… Continue reading LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek.
Continue reading Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors