WordPress Plugin WP Statistics Patches XSS Flaw
A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover. Continue reading WordPress Plugin WP Statistics Patches XSS Flaw
I learned about XML-RPC and specifically XML-RPC in WordPress. Now, the safety of XML-RPC in WordPress is disputed.
But given that I would like to continue using XML-RPC in the most safe manner, I wonder about t… Continue reading Does the Loginizer WordPress plugin also limit XML-RPC-calls?
I was participating in a CTF and there was a SQL Injection challenge. There is a WordPress page with a vulnerable plugin parameter (let’s call the website https://vulnerable.com/), and the solution comes from leaking values from the databa… Continue reading Understanding SQLMAP payload
In the attacker’s world, all vulnerabilities and potential exploits work toward the hacker’s advantage — not yours, not mine. This includes WordPress hacks. While living back east (over a decade ago), I was friends with several small … Continue reading 13 Reasons Why WordPress Hacks are Successful
I have a WordPress site. Recently it came under a serious DDoS attack.
For this WordPress site I use nginx, varnish and apache in the backend.
A part of access log shows this:
24.41.213.36 - - [23/Jun/2019:12:58:13 +0430] "GET / … Continue reading Unknown attack on linux server wordpress website
Researchers at Plugin Vulnerabilities cite grudge and irresponsibly disclose bugs in two WordPress plugins from Facebook. Continue reading Irked Researcher Discloses Facebook WordPress Plugin Flaws
Security researchers have been warning about a critical vulnerability they discovered in a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions.
The vu… Continue reading New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions
A web spam campaign targeting Koreans is affecting non-hacked websites worldwide. Continue reading WordPress Sites Worldwide Hit with ‘Call-Girl’ Search-Engine Pollution
Found this on a WordPress server under the filename wp-includes/class-wp-image-editor-fd.php when WordFence picked it up as being an unexpected file.
Link to source is here: https://pastebin.com/DWe4d33K
Very clearly looks … Continue reading What does the attached php malware do?
Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject a malicious JavaScript in vulnerable sites, Zscaler warns. The company has discovered 47 affected sites (some have been cleaned up in the meantime) … Continue reading Attackers are exploiting WordPress plugin flaw to inject malicious scripts