-
New Malware Campaign Targets WP-Automatic Plugin
A few weeks ago a critical vulnerability was discovered in the plugin WP‑Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites. The Vulnerability The vulnerability lies in…
-
How to Secure Your Website: Top Tips From Enterprise Security Experts
What tools do you really need to secure a website? How to stay on budget without compromising. The most serious threats and vulnerabilities.
-
Unauthenticated Stored XSS Fixed in WordPress Core
WordPress Core recently released v6.5.2, fixing a Stored Cross‑Site Scripting issue in the Avatar block present in the 6.x versions. While investigating the patch made, we identified that it could lead to an Unauthenticated Stored Cross‑Site Scripting issue in the worse case scenario, however this case requires a specific configuration. Versions 6.5.2, 6.4.4, 6.3.4, 6.2.5, 6.1.6…
-
Subscribe
Subscribed
Already have a WordPress.com account? Log in now.
WPScan 