- Stored XSS Fixed In Popup Builder 4.2.3
  During an analysis of the Popup Builder plugin, we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they have an account on the site. When successfully exploited, this vulnerability may let attackers perform any action the logged‑in administrator they targeted is allowed to do on the targeted…
- Penetration Testing: A 20-Step Guide by Top Security Experts
  Most enterprises with online components engage in regular penetration testing, leveraging in-house teams or external organizations to try to breach their website’s defenses. The goal of penetration testing is to help you uncover any potential vulnerabilities before attackers can exploit them. At the enterprise level, any vulnerability can lead to data breaches, potential loss of…
- Unauthenticated SQL Injection Vulnerability Addressed in WP Fastest Cache 1.2.2
  During an internal review of the WP Fastest Cache plugin, the WPScan team discovered a serious SQL injection vulnerability. This vulnerability may allow unauthenticated attackers to read the full contents of the WordPress database using a time‑based blind SQL injection payload. Upon discovering the vulnerability, we promptly alerted the plugin development team, who released version 1.2.2…
- 26-Step WordPress Security Guide for Enterprise-Level Protection
  Do you agree with the list? Follow every step to guard your site & protect your company from major liabilities. Proven enterprise-grade cybersecurity tools.
- Unauthenticated File Upload Vulnerability Addressed in Royal Elementor Addons and Templates 1.3.79
  During an investigation of a series of websites being actively compromised, we noticed the constant presence of the Royal Elementor Addons and Templates plugin installed, and all sites had at least one malicious file dropped into the /wpr‑addons/forms/ directory. As we reviewed the plugin, it was found that the upload ajax action wasn’t properly validating the…
- Finding A RCE Gadget Chain In WordPress Core
  During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability occurring inside an INSERT statement, meaning attackers could inject random stuff into the targeted table’s columns, and query information from the database, the intended “flag” being the credentials of a user…
- Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2
  During a thorough analysis of WordPress’ internals, we discovered a subtle bug that allowed unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website. If successfully exploited, attackers could gather email addresses, putting user privacy at risk. Upon identifying the vulnerability, we promptly alerted the WordPress team, who released…
- How to Perform a Website Security Audit [Checklist + Tools]
  If you’re in charge of a website for a company — or are part of a team that is — it’s vital that you check your site’s security on a regular basis. Failing to do so can cause the company serious damage through lost sales and leads, data theft, compliance breaches, and more. This can…
- 20 Website Vulnerabilities & Security Threats You Need to Know
  When you run an enterprise‑level organization, website security threats are always on your mind. An attack on your system can lead to a security breach, result in data loss, or cause your entire application to shut down. The easiest way to avoid online threats is to remind or educate yourself about website vulnerabilities. Once you’re aware of common…
- The Ultimate WordPress Security Checklist
  Every website is open to potential attacks, but some sites are more at risk than others. If you run an enterprise‑level project, you have a giant target painted on your back. This is because most hackers are drawn in by the volume of sensitive customer data you may have on hand. Fortunately, there are several things…