The following new vulnerability checks has been added to WPScans.com: Custom Permalinks <= 1.1 – Authenticated SQL Injection Custom Permalinks <= 1.1 – Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.66 – Cross-Site Scripting (XSS) WP Fastest Cache <= 0.8.7.4 – Blind SQL Injection WooCommerce <= 3.2.3 – Authenticated PHP Object Injection Ninja Forms <= 3.2.13 – Cross-Site Scripting (XSS) Swape Theme – Authentication Bypass and Stored XSS flickrRSS <= 5.3.1 – XSS and CSRF Instagram Feed <= 1.5.1 – Cross-Site Scripting (XSS) Run your free scan at WPScans.com >
WordPress 4.9.2 is now available for download. This release is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your sites immediately. We also recommend using WPScans.com to scan your WordPress installation. This release contains a critical security fix for a XSS security bug in the Media Elements library fallback files. Since the fallback files are written in flash and not needed they have been removed from WordPress.
WPSec can now detect at least three different backdoored WordPress plugins. The plugins are: Duplicate Page and Post 2.1.0-2.1.1 No Follow All External Links 2.1.0-2.3.0 WP No External Links 4.2.1-4.3 We recommend that you run the free scan available at www.wpsec.com
Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2. WordPress, on the other hand, is the most popular content management system in the world, with a significant percentage of its installed base still being administered over HTTP. In this article, we’ll be using Wireshark to sniff and extract WordPress login credentials leaving the local computer. The application we’ll actually use to capture traffic is named Tshark, a command line implementation[…]
WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at wpscans.com
A new WordPress version was just release. This new version addresses a security problem with the $wpdb->prepare() function. From the release notes: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Anthony Ferrara. As the above notes says the vulnerability might affect thousands of plugins or themes and Anthony has more technical information on his blog here. WPScans.com has been updated to check for this vulnerability.
You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:
Nmap is one our favorite tool when it comes to security testing (except for WPSec.com). Nmap was created in 1997 by Gordon Lyon aka Fyodor. The current version 7.60 contains about 580 different NSE-scripts (Nmap Scripting Engine) used for different security checks or information gathering and about six of them are related to WordPress. Our first test is to just use the default options in nmap and see which ports that are open: Btw, we are using the amazing penetration testing Kali Linux distro. The above screenshot shows that there is a webserver, ssh server and MySQL listening on the network. Exposing MySQL to the network is not really safe, it’s not the target this time. The following Nmap NSE scripts are directly related to WordPress:[…]
The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 184.108.40.206 – Cross-Site Scripting Display Widgets 2.6.0-220.127.116.11 – Backdoored Pinfinity Theme <= 1.9.2 – Reflected Cross-site Scripting (XSS) SmokeSignal <= 1.2.6 – Authenticated Stored XSS WP Like Post <= 1.5.2 – Authenticated SQL Injection SQL Shortcode <= 1.1 – Authenticated SQL Execution WordPress 2.3.0-4.8.1 – $wpdb->prepare() potential SQL Injection Responsive Image Gallery, Gallery Album <= 1.2.0 – Authenticated SQL Injection VaultPress 1.89-1.9 – Unauthenticated RCE Content Audit <= 1.9.1 – Cross-Site Scripting (XSS)[…]