Posts Tagged ‘WordPress’

WordPress Vulnerabilities

Information leak and access control bypass in WordPress WP eCommerce Plugin

Exploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.

Experts at Sucuri found a dangerous vulnerability in the “WP eCommerce” plugin that allows attackers to easily access and edit users' personal information.

Exploitation of the vulnerability allows criminals to export all the user names, addresses and other confidential information of clients who have ever made a purchase through the plugin. Attackers can also change the status of an order (from non-paid to paid and vice versa). The plugin developer has since released a patched version of WP eCommerce (more…)

WordPress Vulnerability

WordPress vulnerabilities

1. Security bypass in WordPress WP-Ban

Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6230

Attack vector: Remote
Impact: Security Bypass (more…)

Security News

Hot Cyber Security Weekly News

Dear readers, today we offer you a selection of the five hottest news items in the field of cyber security over the past week:

  • Slider Revolution Plugin Critical Vulnerability Being Exploited;
  • Microsoft, eBay apps open to man-in-the-middle (MITM) attacks;
  • A previously unknown variant of the APT backdoor XSLCmd – OSX.XSLCmd;
  • Hackers break into server for Obamacare website;
  • Facebook will teach users to protect private data. (more…)

WordPress Vulnerability

A great number of people have reason to believe that WordPress ranks best both as a web content manager and as a blogging platform.

Indeed, WordPress offers its users a great many benefits. It is one of the easiest systems to use and, above all, it is free. In addition, WordPress includes many features that would otherwise cost a great deal of money to develop yourself.

However, no matter how good WordPress might sound, like anything else it has its downside: the problems that users are exposed to once they choose it as a CMS. It is therefore worth familiarizing yourself with these problems, so that you can stay alert and put the necessary measures in place to curb them. (more…)

WordPress Plugins

CSRF attack in WordPress

Vulnerability: CSRF attack in WordPress (XSS)

1. CSRF attack in WordPress Facebook Members

Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-2703
Attack vector: Remote
Impact: Cross Site Scripting

Affected products: WordPress Facebook Members Plugin 5.x
Affected versions: WordPress Facebook Members 5.0.4, possibly earlier. (more…)

WordPress Plugins

A dangerous flaw has been detected in popular caching plugins that allows arbitrary PHP code to be executed on the target system.

Information security researcher Frank Goosen has published details of a vulnerability in the popular WordPress page-caching plugins WP Super Cache and W3 Total Cache, which have more than six million downloads. The vulnerability allows an attacker to inject and execute arbitrary PHP code on the target system with the privileges of the web server. (more…)

WordPress Vulnerability

Large-scale attack against WordPress blogs

The popular blogging platform WordPress is facing a massive brute-force attack aimed at gaining control over user blogs and placing malicious content and links in them. According to monitoring by Sucuri, a large botnet of at least 90,000 infected computers is currently running against WordPress. The company said that the first attack was discovered last month, but in recent days there has been a burst of brute-force activity against WordPress.

Irish hosting provider Spiral Hosting issued a warning on Saturday that its customers are at risk of infection by malware that collects clients for botnets. “At the moment there is a large number of brute-force attacks emanating from tens of thousands of IP addresses all over the world,” says Peter Armstrong of Spiral Hosting. (more…)

WordPress Plugins

WP-Sentinel – WordPress plugin for protection from dangerous HTTP requests

Plugin to protect your blog from malicious HTTP requests, various injections, XSS attacks, brute-force attacks, and flooding. It protects a WordPress website from hacking by checking each HTTP request against a given set of rules to filter out malicious requests.

WP-Sentinel works as a firewall, analyzing all HTTP requests coming to the blog and recognizing and blocking dangerous attacks: (more…)

WordPress Plugins

Perfect Paper Passwords – Protecting WordPress from Brute Force Attacks

High-security multifactor authentication using a series of single-use “passcodes”. Perfect Paper Passwords is a plugin that implements an additional level of security at login to the blog: an individual password for each user.

This password changes every time you log on, so guessing it is not realistic. The user does not even need to remember the password: it is randomly generated and written out as a matrix of cells on four cards, and at login a hint tells you which card and which cell to read the password from. (more…)