Wordpress 5.7 One-Click HTTPS Migration

What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration

Forcing WordPress to load over HTTPS usually requires a bit of work. Most either use a plugin to simplify the task or add redirects to their .htaccess files. Unfortunately, both processes can be risky if you’re not careful. Considering how important HTTPS is for improving security and Search Engine Optimization (SEO), it’s clear that implementation …

What You Need to Know About WordPress 5.7 and One-Click HTTPS Migration Read More »

Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites

A high-severity Unrestricted File Upload vulnerability, tracked as CVE-2020–35489, was discovered in a popular WordPress plugin called Contact Form 7, currently installed on 5 Million+ websites making them vulnerable to attacks like phishing, complete site take-over, data-breach, phishing and credit card frauds. In this blog-post, we will cover what caused the flaw, an example Proof-Of-Concept (PoC) showing exploitation in a …

CVE-2020-35489: Unrestricted File Upload Vulnerability found in Contact Form 7 plugin affects 5M+ websites Read More »

WP File Manager

WordPress plugin WP File Manager actively exploited

WordPress is a huge platform that powers a large number of websites. This service makes it easy for both programmers and non-programmers to develop different websites. With WordPress, there are different kinds of themes, plugins and more. However, since most of these things are created by third-party developers, there are chances that there will be …

WordPress plugin WP File Manager actively exploited Read More »

WordPress to add auto-update feature for themes and plugins

When it comes to WordPress, keeping your theme, plugins, and WordPress core is one of the most important tasks you have as a website owner. However, most website owners are often guilty of not applying updates and running with outdated versions of their themes and plugins.  Needless to say, this leaves your website vulnerable to …

WordPress to add auto-update feature for themes and plugins Read More »

Dozens of File Upload Vulnerabilities Found in Web Apps

Dozens of File Upload Vulnerabilities Found in Web Apps

When it comes to content management systems such as WordPress, hackers will often exploit file upload mechanisms to distribute malicious files which can be used to execute malicious code on a website, infect other websites, and allow hackers to gain full control over a server where your website is hosted.  In an effort to prevent …

Dozens of File Upload Vulnerabilities Found in Web Apps Read More »

CVE-2020-9334: Stored XSS vulnerability in Popular Gallery Plugin for WordPress

A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2020-9334, exists in a popular WordPress plugin called Envira Photo Gallery, rendering over 100,000 websites vulnerable to phishing attacks, stealing administrator’s session tokens, etc. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Envira …

CVE-2020-9334: Stored XSS vulnerability in Popular Gallery Plugin for WordPress Read More »

Events Manager Plugin Vulnerable5

100,000+ WordPress sites vulnerable due to Events Manager Plugin

A non-trivial CSV injection vulnerability was discovered in a popular WordPress plugin called Events Manager v5.9.7.1 (active on 100,000+ websites). This makes the users’ machine vulnerable to remote attackers who can execute arbitrary commands on it. In this Blog-post, we will dive deep into what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation …

100,000+ WordPress sites vulnerable due to Events Manager Plugin Read More »

CVE-2020-8417: From CSRF to RCE and WordPress-site takeover

From CSRF to RCE and WordPress-site takeover: CVE-2020-8417

A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused the flaw, an example Proof-Of-Concept showing exploitation in a sandbox environment, and mitigation steps. What is the Code Snippets Vulnerability? The National Vulnerability …

From CSRF to RCE and WordPress-site takeover: CVE-2020-8417 Read More »