- WordPress Version Control Files
  What are version control files? When developers write code they often use version control software, such as SVN or Git, to help manage their work. That software keeps its metadata about the source code in a hidden folder alongside the code (.git or .svn). Because the folder is hidden, it often can’t be viewed and therefore…
- WordPress SSL/TLS HTTPS Encryption
  What is SSL/TLS HTTPS Encryption? Not so long ago most of the web’s communications were unencrypted, allowing anyone who could eavesdrop on the traffic to read them. In recent years the web has shifted dramatically from mostly unencrypted to mostly encrypted. When your website has HTTPS enabled, all communication traffic from your users’ computers…
- WordPress Secret Keys
  What are WordPress Secret Keys? WordPress secret keys are long random strings stored in the wp-config.php file. They are used when hashing and encrypting important data within WordPress: they help secure your authentication cookies and are used to create the security nonces that protect against attacks. WordPress provides its own WordPress Secret Key Generator that will…
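The two failure modes worth checking for in a wp-config.php are keys left at the installer placeholder and keys that are short or reused. The following Python audit is an added example written for this page, not WordPress or WPScan code; the sample wp-config.php content is constructed, and the 32-character minimum is an assumption made for the check (the official generator issues 64-character values).

```python
"""Audit the eight WordPress secret keys and salts defined in wp-config.php.

Added example, not WordPress or WPScan code. It reports keys that are missing,
still set to the installer placeholder, too short, or duplicated, and can emit
a fresh set using the operating system's CSPRNG.
"""
import re
import secrets
import string
from typing import Dict, List

KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
PLACEHOLDER = "put your unique phrase here"   # value shipped in wp-config-sample.php
MIN_LENGTH = 32                               # assumption for this check only

# Matches define('AUTH_KEY', '...'); with either quote style and optional spaces.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>[A-Z_]+)['"]\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)\s*;"""
)

# No quotes or backslashes, so values drop straight into a PHP single-quoted literal.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_[]{}<>~`+=,.;:/?|"


def parse_defines(config: str) -> Dict[str, str]:
    """Return every define('NAME', 'value'); in the file as a name -> value map."""
    return {m.group("name"): m.group("value") for m in DEFINE_RE.finditer(config)}


def audit_secret_keys(config: str) -> List[str]:
    """Return human-readable findings; an empty list means all eight keys look fine."""
    defines = parse_defines(config)
    findings: List[str] = []
    seen: Dict[str, str] = {}
    for name in KEY_NAMES:
        value = defines.get(name)
        if value is None:
            findings.append(f"{name}: not defined in wp-config.php")
            continue
        if value.strip().lower() == PLACEHOLDER:
            findings.append(f"{name}: still set to the installer placeholder")
        elif len(value) < MIN_LENGTH:
            findings.append(f"{name}: only {len(value)} characters, expected at least {MIN_LENGTH}")
        if value in seen:
            findings.append(f"{name}: identical to {seen[value]}")
        else:
            seen[value] = name
    return findings


def generate_secret_keys(length: int = 64) -> str:
    """Return PHP define() lines for all eight keys, each a fresh random value."""
    lines = []
    for name in KEY_NAMES:
        value = "".join(secrets.choice(ALPHABET) for _ in range(length))
        lines.append(f"define('{name}', '{value}');")
    return "\n".join(lines)


# Constructed sample: one placeholder, one short key, one duplicate, one missing key.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'Kq7!x#2Lw9@vB^c4Ze*Rt8&Yu(Io)Pa-Sd_Fg[Hj]Kl{Zx}Cv<Bn>Nm~Qw+Er=Ty');
define('LOGGED_IN_KEY',    'short');
define('NONCE_KEY',        'Kq7!x#2Lw9@vB^c4Ze*Rt8&Yu(Io)Pa-Sd_Fg[Hj]Kl{Zx}Cv<Bn>Nm~Qw+Er=Ty');
define('AUTH_SALT',        'Mz3%Xc8$Vb1&Nm6*Qw2(Er4)Ty7-Ui9_Op0[As5]Df3{Gh2}Jk8<Lz1>Xc4~Vb6+Nm=Q');
define('SECURE_AUTH_SALT', 'Pl0^Ok9@Ij8!Uh7#Yg6$Tf5%Rd4&Es3*Wa2(Qz1)Xs2-Cd3_Vf4[Bg5]Nh6{Mj7}Kl8<Z');
define('LOGGED_IN_SALT',   'Aq1!Sw2@De3#Fr4$Gt5%Hy6^Ju7&Ki8*Lo9(Pz0)Xc1-Vb2_Nm3[Qw4]Er5{Ty6}Ui7<O');
"""

if __name__ == "__main__":
    for finding in audit_secret_keys(SAMPLE_CONFIG):
        print(finding)
    print("\nReplacement block:\n" + generate_secret_keys())
```

Note that the audit only reads the file: rotating the keys logs every user out, because existing authentication cookies no longer validate, so the generated block is meant to be pasted in deliberately rather than applied automatically.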
- WordPress Debug Log Files
  What are debug log files? When WordPress developers are working on a theme or plugin, it is often useful for them to log important data, such as error messages, to a file so that they can view and fix any problems. In WordPress, the debug log file is created with a known file name, debug.log,…
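The hidden version-control folder and the debug.log file described above are found the same way: request the well-known path from the web root and inspect what comes back. The Python check below is an added example written for this page, not WPScan code. The hostname example.test, the fetcher and the sample responses are constructed so it runs offline; the point it adds is that a 200 status must not be trusted on its own, because WordPress with pretty permalinks commonly answers unknown paths with a full HTML page, so the body has to look like the file that was asked for.

```python
"""Check whether a WordPress site exposes version-control metadata or debug.log.

Added example, not WPScan code. A fetcher callable is injected so the logic
runs offline against constructed responses; for a live check pass a function
that performs an HTTP GET and returns (status_code, body_text).
"""
import re
from typing import Callable, Dict, Tuple

Fetcher = Callable[[str], Tuple[int, str]]

# Path -> content signature. The signature is what distinguishes a real hit
# from a soft-404 HTML page served with status 200.
SIGNATURES = {
    # .git/HEAD is either a symbolic ref or a detached 40-hex commit id.
    "/.git/HEAD": re.compile(r"^(ref: refs/heads/\S+|[0-9a-f]{40})\s*$"),
    # .svn/entries starts with the working-copy format number (just "12" on svn 1.7+).
    "/.svn/entries": re.compile(r"\A\d+\r?\n"),
    # svn 1.7+ keeps the working copy in an SQLite database.
    "/.svn/wc.db": re.compile(r"\ASQLite format 3"),
    # WordPress writes PHP errors as "[02-Nov-2020 10:15:01 UTC] PHP Notice: ...".
    "/wp-content/debug.log": re.compile(
        r"^\[\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2} [^\]]+\] PHP ", re.M
    ),
}


def probe_exposed_files(base_url: str, fetch: Fetcher) -> Dict[str, bool]:
    """Return {path: exposed} for each sensitive path, requiring status 200 and a body match."""
    results: Dict[str, bool] = {}
    for path, signature in SIGNATURES.items():
        status, body = fetch(base_url.rstrip("/") + path)
        results[path] = status == 200 and bool(signature.search(body))
    return results


# Constructed sample responses (not captured from any real site). The .svn/entries
# entry is the soft-404 case: status 200 but an HTML "not found" page.
SAMPLE_RESPONSES = {
    "https://example.test/.git/HEAD": (200, "ref: refs/heads/master\n"),
    "https://example.test/.svn/entries": (
        200, "<!DOCTYPE html><html><head><title>Page not found</title></head><body>...</body></html>"
    ),
    "https://example.test/.svn/wc.db": (404, "Not Found"),
    "https://example.test/wp-content/debug.log": (
        200,
        "[02-Nov-2020 10:15:01 UTC] PHP Notice:  Undefined index: foo in "
        "/var/www/html/wp-content/plugins/example/example.php on line 42\n",
    ),
}


def fake_fetch(url: str) -> Tuple[int, str]:
    """Offline stand-in for an HTTP GET; answers only from SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(url, (404, "Not Found"))


if __name__ == "__main__":
    for path, exposed in probe_exposed_files("https://example.test", fake_fetch).items():
        print(f"{path}: {'EXPOSED' if exposed else 'ok'}")
```

An exposed .git/HEAD is usually only the start: the rest of the repository (objects, refs, config) can often be fetched the same way, which is why the check targets the folder rather than one file.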
- Vulnerability in Zebra_Form PHP Library Affects Multiple WordPress Plugins
  The WPScan security research team identified an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in the Zebra_Form PHP library, which is used by multiple WordPress plugins. While investigating a dubious advisory about an XSS vulnerability in the wp-ticket plugin, the team found the Zebra_Form library to be responsible for the issue. At the time of writing, despite contacting…
- Is WordPress XMLRPC a security problem?
  What is WordPress XMLRPC? WordPress XMLRPC is an API that allows other websites and software to interact with your WordPress website. Examples include creating new posts, adding comments, deleting pages and, probably the most common use in WordPress, pingbacks. As the name suggests, XMLRPC works by sending and receiving XML data. In WordPress, the…
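The quickest way to see what an xmlrpc.php endpoint offers is to send it the standard system.listMethods call and read the reply, which also shows the XML shape the excerpt refers to. The Python below is an added example written for this page, not WordPress or WPScan code; the transport is injected and the reply is constructed (modelled on the shape of a WordPress listMethods response, which in reality is longer) so it runs offline. Against a live site the request body would be POSTed to https://<site>/xmlrpc.php with Content-Type: text/xml.

```python
"""Build a WordPress XML-RPC request and interpret the reply, offline.

Added example, not WordPress or WPScan code. Uses only the standard library's
xmlrpc.client marshalling so the exact wire format is visible.
"""
import xmlrpc.client
from typing import Callable, List, Tuple

Transport = Callable[[bytes], bytes]   # takes a methodCall body, returns the response body


def build_request(method: str, *params) -> bytes:
    """Serialise a <methodCall> body exactly as an XML-RPC client would send it."""
    return xmlrpc.client.dumps(params, methodname=method).encode("utf-8")


def parse_request(body: bytes) -> Tuple[str, tuple]:
    """Decode a <methodCall> body into (method name, params); handy when logging inbound calls."""
    params, method = xmlrpc.client.loads(body.decode("utf-8"))
    return method, params


def list_methods(transport: Transport) -> List[str]:
    """Ask the endpoint for system.listMethods and return the advertised method names."""
    response = transport(build_request("system.listMethods"))
    # loads() returns (params, None) for a response; a <fault> raises xmlrpc.client.Fault.
    (methods,), _ = xmlrpc.client.loads(response.decode("utf-8"))
    return list(methods)


def xmlrpc_exposure(transport: Transport) -> dict:
    """Summarise what the endpoint advertises, including whether pingback.ping is enabled."""
    try:
        methods = list_methods(transport)
    except xmlrpc.client.Fault as exc:
        return {"reachable": False, "fault": exc.faultString, "methods": [], "pingback": False}
    return {"reachable": True, "methods": methods, "pingback": "pingback.ping" in methods}


# Constructed reply (not captured from a live site), shaped like a listMethods response.
SAMPLE_RESPONSE = xmlrpc.client.dumps(
    (["system.multicall", "system.listMethods", "system.getCapabilities",
      "demo.sayHello", "pingback.ping", "pingback.extensions.getPingbacks",
      "wp.getUsersBlogs", "wp.newPost", "wp.deletePage", "wp.newComment"],),
    methodresponse=True,
).encode("utf-8")


def fake_transport(request_body: bytes) -> bytes:
    """Offline stand-in for POSTing to xmlrpc.php; only system.listMethods is answered."""
    method, _ = parse_request(request_body)
    if method == "system.listMethods":
        return SAMPLE_RESPONSE
    fault = xmlrpc.client.Fault(-32601, "server error. requested method not found")
    return xmlrpc.client.dumps(fault, methodresponse=True).encode("utf-8")


if __name__ == "__main__":
    print(build_request("pingback.ping", "https://source.test/post", "https://target.test/post").decode())
    print(xmlrpc_exposure(fake_transport))
```

The pingback.ping call shown in the demo takes two URLs, the page linking and the page linked to; the endpoint fetches the first to verify the link, which is the behaviour that makes an open pingback API interesting to anyone wanting a site to make requests on their behalf.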
- WPScan authorized as a CVE Numbering Authority by the CVE Program
  Bayonne, France, January 12th 2021. WordPress security company WPScan has announced that it has been named a Common Vulnerabilities and Exposures (CVE) Numbering Authority, authorized by the CVE Program to assign CVE IDs to vulnerabilities in WordPress. With 75 million users, WordPress is the most popular content management platform in the world and powers 39.6% of all websites,…
- WordPress Security Roundup November 2020
  It’s that time of year again when we donate 2% of our profits to a charity that works to counter climate change, and this year we chose Sea Shepherd France again. We do this every year as part of our Hack the Planet pledge. We launched several new versions of our WPScan WordPress security plugin, which now contains additional…
- November 2020 Monthly Vulnerability Roundup
  WordPress Plugin Vulnerabilities:
  - BuddyPress < 6.4.0 – Lack of Capability Check on Profile Page
  - WP Google Map Plugin <= 4.1.3 – Authenticated SQL Injection
  - WPJobBoard < 5.7.0 – Unauthenticated SQL Injection
  - WPJobBoard < 5.7.0 – Unauthenticated Reflected XSS & XFS
  - Media Library Assistant < 2.90 – Authenticated Blind SQL Injection
  - Secure File Manager – Authenticated Remote Command Execution
  - WooCommerce Anti-Fraud <=…
- WordPress Security Roundup for October 2020
  Here at WPScan we launched our brand new website, which we’re super happy with, and feedback so far has been overwhelmingly positive! We released three new versions of our WPScan WordPress security scanner, adding the login-uri option to specify the location of the wp-login.php file. We also released two new versions of our WordPress security plugin, implementing new features such as the ability to…