-
Zerodium Offers $300,000 for WordPress Exploits
Zerodium, a company that buys security exploits and resells them to government entities, tripled its price for WordPress Remote Command Execution (RCE) exploits. In a tweet sent out on Friday, April 9th, Zerodium announced that it had temporarily tripled the price it pays out to security researchers for WordPress RCE exploits. Increasing the payout from…
-
Covid Test Centres Leak Personal Information via WordPress API
Over 14,000 Covid test patients were affected by a data leak in Germany this week. This was due to the testing centre software using incremental identifiers in its custom WordPress REST API endpoint.
-
WooCommerce Customers Manager WordPress Plugin – Multiple Security Vulnerabilities
A member of the WPScan research team discovered two security vulnerabilities within the premium WooCommerce Customers Manager WordPress plugin, versions less than 26.6. The following two vulnerabilities were identified and added to our WordPress vulnerability database: Authenticated Reflected Cross-Site Scripting – CVSS: 7.1 (High); Arbitrary User Account Creation/Update via CSRF – CVSS: 8.8 (High).