Finding A RCE Gadget Chain In WordPress Core
During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability inside an INSERT statement. Because the injection lands in the VALUES list, an attacker controls what gets written into the targeted table's columns and, through subqueries, can pull data from elsewhere in the database; the intended "flag" was the credentials of a user…
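The mechanism described above, as an added example that is not code from the original post or from WordPress: a comment form whose INSERT interpolates user input, so a crafted author value closes the string, supplies a scalar subquery as the next column, and comments out the rest of the statement. The subquery result (here the admin's password field) is then written into a publicly listed comment body, which is how an INSERT-only injection still "queries" the database. The schema, the `SECRET` value and the SQLite backend are constructed for the demo; WordPress itself runs on MySQL/MariaDB, but the same subquery trick applies there.

```python
import sqlite3

# Constructed sample data: a users table holding credentials and a comments
# table whose bodies are shown to everyone. This is not WordPress's schema.
SECRET = "$P$BfakeHashForDemonstrationOnly"


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database with one privileged user."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (username TEXT, password TEXT);
        CREATE TABLE comments (author TEXT, body TEXT);
        """
    )
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (SECRET,))
    conn.commit()
    return conn


def insert_comment_vulnerable(conn: sqlite3.Connection, author: str, body: str) -> None:
    """Deliberately vulnerable: user input is interpolated into the INSERT."""
    sql = f"INSERT INTO comments (author, body) VALUES ('{author}', '{body}')"
    conn.execute(sql)
    conn.commit()


def insert_comment_safe(conn: sqlite3.Connection, author: str, body: str) -> None:
    """Hardened form: bound parameters, so input is data, never SQL."""
    conn.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    conn.commit()


def public_comment_bodies(conn: sqlite3.Connection) -> list[str]:
    """What an unauthenticated visitor sees: every comment body."""
    return [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY rowid")]


# The payload closes the author literal, injects a subquery as the body column,
# closes the VALUES list, and turns the original tail of the statement into a
# comment. Resulting SQL in the vulnerable path:
#   INSERT INTO comments (author, body)
#   VALUES ('x', (SELECT password FROM users WHERE username = 'admin')) -- ', 'hello')
PAYLOAD = "x', (SELECT password FROM users WHERE username = 'admin')) -- "


def demo() -> tuple[list[str], list[str]]:
    """Run the same payload through both code paths and return what leaks."""
    vuln = setup_db()
    insert_comment_vulnerable(vuln, PAYLOAD, "hello")

    safe = setup_db()
    insert_comment_safe(safe, PAYLOAD, "hello")

    return public_comment_bodies(vuln), public_comment_bodies(safe)


if __name__ == "__main__":
    leaked, stored = demo()
    print("vulnerable path, public bodies:", leaked)
    print("parameterized path, public bodies:", stored)
```

In the vulnerable path the admin's password field shows up verbatim as a comment body; in the parameterized path the odd-looking author string is stored as plain text and the body stays `hello`. The check to apply when auditing is the same in any language: every value that reaches an INSERT must travel as a bound parameter (or through `$wpdb->prepare()` in WordPress), never through string concatenation.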
Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2
During a thorough analysis of WordPress' internals, we discovered a subtle bug that allowed unauthenticated attackers to determine the email addresses of users who have published public posts on an affected website. If successfully exploited, attackers could harvest those email addresses, putting user privacy at risk. Upon identifying the vulnerability, we promptly alerted the WordPress team, who released…
How to Perform a Website Security Audit [Checklist + Tools]
If you're in charge of a website for a company, or are part of a team that is, it's vital that you check your site's security on a regular basis. Failing to do so can cause the company serious damage through lost sales and leads, data theft, compliance breaches, and more. This can…