WordPress version 4.4 and onwards include REST API infrastructure in the core. What does this mean for your website’s security? How to disable WP API JSON in WordPress? Read on to find out. What is the REST API? REST is short for Representational State Transfer. It is a standard client-server protocol that makes your website available as a web service.…
Knowing your WordPress version number I can list all the known vulnerabilities in it. So can a hacker. It goes without saying that, it becomes very easy for a hacker to hack you if he knows what you are vulnerable to. Further, lists of the WordPress version number against the known vulnerability in it are too easily available online. Hence,…
WordPress theme-Bridge has been found to have an open redirect vulnerability. As its name suggests, this vulnerability lets a hacker redirect a site's visitors to unauthentic & malicious domains. Anyone on the version <=18.2 faces risk. With this post, we intend to make you aware of the vulnerability and the quick mitigation measures you can take. Plus, we'll dissect the…
A severe XSS vulnerability has been uncovered inside the Rich Reviews plugin. An estimate has it that the plugin Rich Reviews has more than 16,000 active downloads. Even though critical, the discovery of the vulnerability isn't surprising, given the fact that the plugin has not been updated in more than two years. In fact, Rich Reviews has been removed from…
The leading web application language PHP, is found to have several critical vulnerabilities in versions 7.1, 7.2 & 7.3. The most dreading of it all is the arbitrary code execution vulnerability in PHP. Many popular CMS like, WordPress, Magento, Drupal, Joomla etc. use PHP as their tech stack.
Managing content on the web has become a matter of seconds now, thanks to WordPress. With efficiency and affordability, WordPress has rightly been crowned the most favorable CMS around. However, it is also a fact that hacks on WordPress has become a constant phenomenon. In fact, WordPress is one of the widely targeted CMS. Thousands of users suffer each year from WordPress site hacked. This makes WordPress malware removal service a necessity.
A newly found script by the name of "Magento Killer" has been targeting Magento Websites as of lately. The script $ConfKiller targets the most important file in a website i.e. the config file (configuration file). Further, $ConfKiller script if executed successfully can modify the core_config_data table of the attacked Magento database.
Magecart, is a group of groups that is notoriously famous for their web skimming activities for half a decade now. These attackers often look for vulnerabilities on top e-commerce CMS(s) like Magento, OpenCart, Prestashop, Shopify, etc to inject malicious JavaScripts.
Magecart attacks came out of the dark when it targeted credit card info of big names such as British Airways, Ticketmaster, Netwegg, etc and made headlines. But, this does not mean Magecart attacks came into existence recently. In fact, Magecart attacks can be traced back to 2014 when several groups first started monetizing with stolen credit card details. Masterminds of Magecart have been active and growing ever since.
A bizarre hack has come to notice on WordPress websites. A huge number of WordPress websites are showing "1800ForBail – One+Number" or this "1800ForBail" as its SEO title/Blog name. Till now, it looks like a massive black hat SEO campaign. However, it could be more than that. Here is how it appears in Google search results: Attack Details Typically in…
