While performing a security audit on one of our client’s website, I discovered a reflected cross-site scripting vulnerability in the WordPress LMS plugin by LearnDash. All WordPress websites using LearnDash version from 3.0.0 through 3.1.1 are affected. CVE ID: CVE-2020-7108 CWE ID: CWE-79 Summary LearnDash is one of the most popular and easiest to use WordPress LMS plugins in the…
WP Time Capsule is quite a popular WordPress plugin when it comes to WordPress back-ups & staging. It has turned the complex processes of backing up & staging a click's affair. However, given the fragile nature of security in WordPress plugins, vulnerability disclosures are not quite unexpected. Certainly, the WP Time Capsule plugin is no exception. In fact, on the 8th of January, a serious Authentication Bypass Vulnerability was discovered in this popular plugin.
PrestaShop has released an advisory to inform about a potential threat in the shape of a malware named XsamXadoo on its stores. Hackers are, allegedly, using this malware to gain access to your PrestaShop Store. Several PrestaShop store owners have already been comprised by this malware. From what we came to know of, this malware exploits known vulnerabilities in PHP tool - PHPUnit, which is present in several of the PrestaShop modules.
Ever heard of .htaccess file? If you engage in web development often then surely you must have heard of it. It is one of those things that might seem trivial but in reality, is much more important. '.htaccess' is a file that is regularly referred to when talking about website security. It is analogous to a gatekeeper who handles the…
Digital World has its drawbacks and security threats. Regardless of how careful you have been with the website design, you can never assure 100% security. Algorithms change, content demand is different every day and criteria of the website security changes with all of it too. Hackers are getting smarter day by day, and website reinfection is common now. Even after…
Critical vulnerability found in Popular WordPress plugins Ultimate Addons for Elementor and Ultimate Addons for Beaver Builder. Developed by Brainstorm Force team, it makes a set of plugins easily accessible for your WordPress website. Ultimate Addons released an advisory on both its websites regarding the patch of vulnerability. However, it does not detail the vulnerability in the advisory. Nevertheless, we dug the vulnerability details from other sources.
Different WordPress malware campaigns are used to carry out different malicious activities. One such malware campaign has started with the .Bt WordPress hack. It is named so because this kind of infection creates files with .bt extension on your WordPress site under the root directory or the "wp-admin" or "wp-admin/css" directory. Here you will find the causes, symptoms, detection, and removal of the hack.
A distributed denial of service is a cyber-attack which aims at deranging the normal functioning of a server by flooding the targeted website with malicious traffic. As a result, the server becomes unavailable to users and your website faces downtime. If defined plainly, distributed denial of service or the DDoS attack is an elaborate and powerful cyberattack designed to disrupt…
WordPress version 4.4 and onwards include REST API infrastructure in the core. What does this mean for your website’s security? How to disable WP API JSON in WordPress? Read on to find out. What is the REST API? REST is short for Representational State Transfer. It is a standard client-server protocol that makes your website available as a web service.…
When shopping for web hosting packages, you will sometimes see providers boasting that their plans support multiple (or even unlimited) domains. This is a feature that is typically offered to upgraded plans; entry-level shared hosting plans usually limit you to one domain per account. For those with multiple websites, this sounds like a good idea; after all, paying $9.99 per…
