Blog

  • Uncovering a PHAR Deserialization Vulnerability in WP Meta SEO and Escalating to RCE

    During an internal audit, the WPScan team found a vulnerability in the WP Meta SEO plugin. This vulnerability allows attackers with at least Author privileges to upload and deserialize a PHAR file, leading to arbitrary PHP object deserialization. We were able to escalate this vulnerability to remote code execution, without the need for additional code…
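The mechanism behind this class of bug, as an added example that is not WP Meta SEO's or WPScan's code: a PHAR archive carries a serialized PHP object in its metadata, and on PHP 7.x any filesystem function given a `phar://` path unserializes that metadata before the function does anything else. The `AuditLog` class, file names and `vulnerable_check`/`hardened_check` functions are hypothetical; run it with `php -d phar.readonly=0 phar_demo.php` (creating an archive is blocked by the default `phar.readonly=1`). On PHP 8.0 and later, phar metadata is no longer unserialized automatically, so the same script reports that nothing ran.

```php
<?php
// Added example, not code from the original post. Demonstrates PHAR metadata
// deserialization generically; all names below are hypothetical.
// Run with: php -d phar.readonly=0 phar_demo.php   (PHP 7.4 shows the bug,
// PHP 8.0+ no longer auto-unserializes phar metadata and prints the safe branch)

class AuditLog
{
    public string $path;   // stand-in for a gadget class with a magic method
    public string $note;

    // __wakeup fires only on unserialize(), never for the object we build by
    // hand, so the marker file is proof that the metadata was deserialized.
    public function __wakeup(): void
    {
        file_put_contents($this->path, $this->note . PHP_EOL, FILE_APPEND);
    }
}

$tmp      = sys_get_temp_dir();
$pharFile = "$tmp/evil.phar";          // Phar() insists on a .phar name at creation time
$marker   = "$tmp/phar-deserialized.txt";
@unlink($pharFile);
@unlink($marker);

// 1. Attacker builds the archive. Stub and one entry are mandatory; the payload
//    is setMetadata(), which stores serialize($gadget) in the manifest.
$gadget       = new AuditLog();
$gadget->path = $marker;
$gadget->note = 'metadata was unserialized';

$phar = new Phar($pharFile);
$phar->startBuffering();
$phar->setStub('<?php __HALT_COMPILER(); ?>');
$phar->addFromString('dummy.txt', 'x');
$phar->setMetadata($gadget);
$phar->stopBuffering();
unset($phar);

// 2. The phar:// wrapper parses the file by content, not by extension, so the
//    archive can be uploaded under a name an upload filter accepts.
$uploaded = "$tmp/avatar.jpg";
rename($pharFile, $uploaded);

// 3. Vulnerable sink: a "harmless" filesystem call on an attacker-controlled path.
function vulnerable_check(string $path): bool
{
    return file_exists($path);   // phar:// path => metadata unserialized (PHP < 8.0)
}

// 4. Hardened sink: refuse every stream wrapper before touching the filesystem.
function hardened_check(string $path): bool
{
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path)) {
        throw new InvalidArgumentException('stream wrappers are not allowed');
    }
    return file_exists($path);
}

vulnerable_check('phar://' . $uploaded . '/dummy.txt');
echo file_exists($marker) ? "vulnerable: gadget ran\n" : "metadata not unserialized\n";

try {
    hardened_check('phar://' . $uploaded . '/dummy.txt');
} catch (InvalidArgumentException $e) {
    echo "hardened: {$e->getMessage()}\n";
}
```

Rejecting wrapper prefixes at the sink is the narrow fix; an application that never needs the wrapper can also call `stream_wrapper_unregister('phar')` at bootstrap so that no `phar://` path is ever opened, whichever function receives it.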

  • What is a brute force attack?

    A brute force attack is a type of cyberattack in which the attacker uses an automated tool to try username and password combinations until one succeeds. The guesses may be generated exhaustively, or taken from a dictionary of common words or a list of commonly used passwords. The attacker will keep trying different…
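The defender's side of the same attack, as an added example that is not part of the original post: a sliding-window count of failed logins per source address, which is what a rate limiter or a log monitor needs in order to tell a password-guessing run (many failures, one account) from password spraying (many failures, many accounts). The `LOGIN_FAIL` log format, the `detect_brute_force` function and the sample lines are all constructed for this example.

```php
<?php
// Added example, not code from the original post. The log format and the
// sample lines are constructed; the function and thresholds are hypothetical.

/**
 * Return source IPs that produced more than $threshold failed logins inside
 * any $window-second span. Lines look like "<unix ts> LOGIN_FAIL user=<u> ip=<ip>";
 * anything else (successes, malformed lines) is ignored.
 *
 * @param string[] $lines
 * @return array<string, array{count:int, users:int, first:int, last:int}>
 */
function detect_brute_force(array $lines, int $threshold = 5, int $window = 60): array
{
    $failures = [];   // ip => list of [timestamp, user]
    foreach ($lines as $line) {
        if (!preg_match('/^(\d+) LOGIN_FAIL user=(\S+) ip=(\S+)$/', $line, $m)) {
            continue;
        }
        $failures[$m[3]][] = [(int) $m[1], $m[2]];
    }

    $alerts = [];
    foreach ($failures as $ip => $events) {
        usort($events, fn($a, $b) => $a[0] <=> $b[0]);
        $start = 0;
        for ($end = 0; $end < count($events); $end++) {
            // advance the window start until the span [start, end] fits in $window
            while ($events[$end][0] - $events[$start][0] > $window) {
                $start++;
            }
            $count = $end - $start + 1;
            if ($count > $threshold) {
                // keep the last span that crossed the threshold for this IP
                $users = array_unique(array_column(array_slice($events, $start, $count), 1));
                $alerts[$ip] = [
                    'count' => $count,
                    'users' => count($users),   // >1 distinct account = spraying
                    'first' => $events[$start][0],
                    'last'  => $events[$end][0],
                ];
            }
        }
    }
    return $alerts;
}

// Constructed sample: one source hammering 'admin', one spraying six accounts,
// and one legitimate user who mistyped twice before logging in.
$base  = 1700000000;
$lines = [];
for ($i = 0; $i < 8; $i++) {
    $lines[] = ($base + 4 * $i) . ' LOGIN_FAIL user=admin ip=203.0.113.5';
}
foreach (['alice', 'bob', 'carol', 'dave', 'erin', 'frank'] as $i => $u) {
    $lines[] = ($base + 9 * $i) . " LOGIN_FAIL user=$u ip=192.0.2.9";
}
$lines[] = ($base + 3)  . ' LOGIN_FAIL user=alice ip=198.51.100.7';
$lines[] = ($base + 20) . ' LOGIN_FAIL user=alice ip=198.51.100.7';
$lines[] = ($base + 40) . ' LOGIN_OK user=alice ip=198.51.100.7';

foreach (detect_brute_force($lines) as $ip => $a) {
    $kind = $a['users'] > 1 ? 'password spraying' : 'password guessing';
    printf("%s: %d failures in %ds against %d account(s) (%s)\n",
        $ip, $a['count'], $a['last'] - $a['first'], $a['users'], $kind);
}
```

The threshold and window are the tuning knobs: too tight and a user with caps lock on gets locked out, too loose and a slow spray that stays under the limit per window goes unnoticed, which is why the per-account view (`users`) matters as much as the per-IP count.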

  • SQL Injection Found And Fixed In Slimstat Analytics and Paid Memberships Pro

    During an internal audit of the Slimstat Analytics and Paid Memberships Pro plugins, the WPScan research team uncovered two SQL Injection vulnerabilities that could allow low-privileged users such as subscribers to leak sensitive information from a site's database. If exploited, these vulnerabilities could grant attackers access to privileged information from impacted sites' databases, such as usernames and…
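What a subscriber-reachable SQL injection looks like in general, as an added example that is neither plugin's code: a query built by string interpolation beside its parameterised version, run against an in-memory SQLite database with constructed rows (needs the `pdo_sqlite` extension; run with `php sqli_demo.php`). The table, the `vulnerable_lookup`/`safe_lookup` functions and the attacker input are hypothetical; in a WordPress plugin `$wpdb->prepare()` plays the role that `PDO::prepare()` plays here.

```php
<?php
// Added example, not code from the Slimstat Analytics or Paid Memberships Pro
// plugins. Rows, table and function names are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, role TEXT)');
$db->exec("INSERT INTO users VALUES
    (1, 'admin', 'admin@example.com', 'administrator'),
    (2, 'alice', 'alice@example.com', 'subscriber')");

// Vulnerable: the id arrives from the request (think $_GET['id']) and is
// pasted into the SQL text, so the caller controls the WHERE clause.
function vulnerable_lookup(PDO $db, string $id): array
{
    $sql = "SELECT user_login, user_email, role FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the value is bound as a parameter. The query text is fixed at
// prepare time, so the input can only ever be compared against id.
function safe_lookup(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT user_login, user_email, role FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$legit   = '2';            // a subscriber asking for their own row
$payload = '2 OR 1=1 --';  // constructed attacker input: comments out the rest

echo "vulnerable, legit input:\n";
print_r(vulnerable_lookup($db, $legit));     // alice only
echo "vulnerable, injected input:\n";
print_r(vulnerable_lookup($db, $payload));   // every row, including admin
echo "safe, injected input:\n";
print_r(safe_lookup($db, $payload));         // empty: '2 OR 1=1 --' is not an id
```

The point to check when auditing a plugin is not whether a value is "sanitised" somewhere upstream but whether it ever becomes part of the SQL string; once it does, a single missed path (a sort column, a `LIMIT`, an `IN (...)` list) is enough, which is why the two findings above are reachable from a subscriber account.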