When it comes to cracking complex passwords, hashcat is the tool that comes into play, as it is a well-known password cracking tool freely available on the internet. The passwords can be in any form of hash, such as SHA, MD5, WHIRLPOOL etc. Hashes do not allow a user to decrypt data with a specific key, as other encryption techniques do. Hashcat uses certain techniques like rainbow tables, dictionary attacks or the brute-force technique. This article gives an example of how hashcat can be used to crack complex WordPress passwords. Hashcat is an inbuilt tool in Kali Linux which can be used for this purpose.[…]

API JSON

For a few weeks now we have offered an API so you can get notified about newly found vulnerabilities on your WordPress website. The first part of our API is outgoing JSON webhooks. Using webhooks you can integrate with third-party services like Slack and Zapier. The hook is formatted as JSON, for example:

    {
      "email": "[email protected]",
      "name": "WPScans",
      "reportURL": "https://wpsec.com/scan/?id=b8af78jrhj2kjfdef33j3j3j",
      "status": "vuln",
      "type": "scan",
      "url": "http://wpsec.com"
    }

Most of the fields are self-explanatory. The status field can be no-wordpress, vuln or no-vuln. The fields being sent are: type, name, reportURL, url, email and status.

This new API is available to Premium Subscribers and is still in beta.
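A receiver for the webhook described above should treat the body as untrusted input before passing it on to Slack or Zapier. The following is an added example, not code from the post or from the service: the host pin on `reportURL`, the size cap and the names `parse_webhook` and `alert_text` are assumptions, and the sample payload is constructed from the one in the post with a placeholder e-mail address.

```python
import json
from urllib.parse import urlsplit

# Field names and status values are the ones listed in the post.
FIELDS = ("type", "name", "reportURL", "url", "email", "status")
STATUSES = {"no-wordpress", "vuln", "no-vuln"}
REPORT_HOST = "wpsec.com"   # assumption: host of reportURL in the post's sample
MAX_BODY = 4096             # assumption: generous cap for a six-field payload

# Constructed sample modelled on the post; the e-mail address is a placeholder.
SAMPLE = json.dumps({
    "email": "owner@example.com", "name": "WPScans",
    "reportURL": "https://wpsec.com/scan/?id=b8af78jrhj2kjfdef33j3j3j",
    "status": "vuln", "type": "scan", "url": "http://wpsec.com",
}).encode()


class WebhookError(ValueError):
    """Raised when a payload does not match the documented shape."""


def parse_webhook(body: bytes) -> dict:
    """Validate a raw webhook body and return only the documented fields."""
    if len(body) > MAX_BODY:
        raise WebhookError("body too large")
    try:
        data = json.loads(body.decode("utf-8"))
    except ValueError as exc:   # covers bad UTF-8 and bad JSON
        raise WebhookError("not valid JSON") from exc
    if not isinstance(data, dict):
        raise WebhookError("payload is not a JSON object")
    bad = [f for f in FIELDS if not isinstance(data.get(f), str)]
    if bad:
        raise WebhookError("missing or non-string fields: " + ", ".join(bad))
    if data["status"] not in STATUSES:
        raise WebhookError("unknown status")
    report = urlsplit(data["reportURL"])
    if report.scheme != "https" or report.hostname != REPORT_HOST:
        raise WebhookError("reportURL is not an https link on the expected host")
    return {f: data[f] for f in FIELDS}   # unknown extra keys are dropped


def alert_text(event: dict):
    """Text to forward (e.g. to a chat channel); None when nothing was found."""
    if event["status"] != "vuln":
        return None
    return f"Vulnerabilities reported for {event['url']}: {event['reportURL']}"
```

Pinning the report link to the expected host keeps a forged webhook from placing an arbitrary link in a channel that people trust.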

Building on the robust infrastructure of WordPress 5.1, another release is in the offing at the end of this month. Perhaps the most crucial thing to note with the new update – WordPress 5.2 – is that all users would have to upgrade their version of PHP to PHP 5.6.20. Following the release of WordPress 5.1, many users have taken the plunge, updating to more recent PHP versions. So you just might fancy doing the same if you've not done so, to avoid losing out on the latest features to follow WordPress 5.2. If you're thinking of a manual WordPress update, well, that wouldn't work either. Presently, WordPress recommends that users upgrade to its recommended version – PHP 7.3. And it's[…]

It has been reported by W3Techs that about one-third of the top ten million sites on the web are powered by WordPress. The WordPress market share has experienced tremendous, steady growth in the last few years. There has been an increase from 29.9% to 33.4% within a year. That is a great improvement. The state of things here is quite exciting. We were happy when we first saw 50,000 downloads in 2005, and in January 2011, the project reached another milestone whereby 13.1% of websites were being powered by WordPress. And now, a new record has been set as WordPress is powering 33.4% of the sites. The most recent release, which came out on 21st of February, has been downloaded[…]

WordPress 5.1.1 is now available for automatic upgrade or download. This new WordPress version is a security and maintenance release. The release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in WordPress 5.2 (read more here). The release also includes security fixes to how comments are filtered and then later stored in the underlying MySQL database. With a specifically crafted comment, a WordPress post was vulnerable to cross-site scripting (XSS) attacks. WordPress versions 5.1 and before are all affected by these security bugs, which are fixed in version 5.1.1. Updated versions of WordPress 5.0 and earlier are also available for any users who have not updated to 5.1.[…]

The WordPress open-source content management system (CMS) will display a warning in its backend admin panel whenever the site is being run on an out-of-date PHP version. The plan is to display the warnings for sites using a PHP version preceding the 5.6.x branch (<=5.6). The warnings will include a link to a WordPress support page containing information that site owners can follow to update the PHP version on their servers. However, if the owners of the sites are using tightly controlled web hosting environments to run their WordPress portals, then the web host will be given the opportunity to replace this link with a custom URL[…]

WordPress 5.0.1 is now available and it is a security release for all versions since WordPress 3.7. We strongly encourage you to update all your sites immediately. Plugin authors are also encouraged to read the 5.0.1 developer notes for information on backwards-compatibility, since some of the vulnerabilities covered in 5.0.1 might affect plugins. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version 5.0.1. Updated versions of WordPress 4.9 and older releases are also available, for users who have not yet updated to 5.0. Karim El Ouerghemmi discovered that authors could alter meta data to delete files that they weren’t authorized to. Simon Scannell of RIPS Technologies discovered that authors could create posts of unauthorized post types with specially crafted input.[…]

The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value. If the request data form is available to unauthenticated users, even unauthenticated users are able to update the database. The plugin has 100,000+ active installations according to WordPress.org. WPScans.com has been updated to check for this vulnerability; run your free scan today.

Apart from the “Try Gutenberg” callout in the just-released WordPress version 4.9.8, there are a ton of privacy fixes. The 4.9.8 WordPress release includes a total of 18 privacy fixes focused on ensuring consistency and flexibility in the new personal data tools that were added in 4.9.6. Some of the privacy fixes include: The type of request being confirmed is now included in the subject line for all privacy confirmation emails. Improved consistency with site name being used for privacy emails in multisite. Pagination for Privacy request admin screens can now be adjusted. Increased the test coverage for several core privacy functions. I think this is a small step but in the right direction for the WordPress community. Privacy[…]