PHP, the leading web application language, has been found to have several critical vulnerabilities in versions 7.1, 7.2 & 7.3. The most dreaded of them all is the arbitrary code execution vulnerability in PHP. Many popular CMSs, such as WordPress, Magento, Drupal and Joomla, use PHP as their tech stack.
Managing content on the web has become a matter of seconds now, thanks to WordPress. With its efficiency and affordability, WordPress has rightly been crowned the most favored CMS around. However, it is also a fact that hacks on WordPress have become a constant phenomenon. In fact, WordPress is one of the widely targeted CMSs. Thousands of users suffer each year from hacked WordPress sites. This makes a WordPress malware removal service a necessity.
A newly found script by the name of "Magento Killer" has been targeting Magento websites lately. The script, $ConfKiller, targets the most important file in a website, i.e. the config file (configuration file). Further, the $ConfKiller script, if executed successfully, can modify the core_config_data table of the attacked Magento database.
Magecart attacks came out of the dark when they targeted the credit card info of big names such as British Airways, Ticketmaster, Newegg, etc. and made headlines. But this does not mean Magecart attacks came into existence recently. In fact, Magecart attacks can be traced back to 2014, when several groups first started monetizing stolen credit card details. The masterminds of Magecart have been active and growing ever since.
A bizarre hack has come to notice on WordPress websites. A huge number of WordPress websites are showing "1800ForBail – One+Number" or "1800ForBail" as their SEO title/blog name. So far, it looks like a massive black hat SEO campaign. However, it could be more than that. Here is how it appears in Google search results: Attack Details Typically in…
No one on the internet can claim to be completely hack-proof, but e-commerce websites in particular face the greatest risks. No doubt, cyber attacks and information security breaches have severe and lasting effects on websites. But do they affect the market capitalization of companies?
MyBB, earlier known as MyBulletinBoard, is a free and open source forum software based on PHP & MySQL. Recently it has been found vulnerable to a critical stored XSS (Cross-Site Scripting) and RCE (Remote Code Execution) in versions 1.8.20 and earlier. Due to this, any malefactor holding only a user account on the forum can hijack any board by sending a malicious private message to the administrator or by creating a malicious post.
The WP Live Chat Support plugin, with more than 50,000 installs, has again been found to have a grave vulnerability, identified as CVE-2019-12498, which lets any unauthorized user steal chat history or hijack current chat sessions. Versions 8.0.32 and prior are vulnerable.
A fresh vulnerability disclosure in the series of WordPress plugins has come to notice. The WordPress plugin User Submitted Posts lets users upload posts and images through its front-end feature. The User Submitted Posts plugin currently has more than 30,000 installations. It was quite popular at the time a serious arbitrary file upload vulnerability was found in it. Learn more about the details of the User Submitted Posts exploit in this article.