-
Covid Test Centres Leak Personal Information via WordPress API
Over 14,000 covid test patients were affected by a data leak in Germany this week. This was due to the testing centre software using incremental identifiers in its custom WordPress REST API endpoint.
-
WooCommerce Customers Manager WordPress Plugin – Multiple Security Vulnerabilities
A member of the WPScan research team discovered two security vulnerabilities within the premium WooCommerce Customers Manager WordPress plugin, versions less than 26.6. The following two vulnerabilities were identified and added to our WordPress vulnerability database: Authenticated Reflected Cross-Site Scripting – CVSS: 7.1 (High); Arbitrary User Account Creation/Update via CSRF – CVSS: 8.8 (High).
-
WordPress Configuration File Backups
What are Configuration File Backups? WordPress has a special file named wp-config.php that stores sensitive configuration information for your website. By default, the wp-config.php file stores the following information: MySQL settings, secret keys, database table prefix, and ABSPATH. Developers can also store other sensitive information in the file.