Owing to the widespread presence of WordPress, hackers incessantly try to get past every popular WordPress plugin. As a result, vulnerability disclosures in WordPress plugins seem like a never-ending process. This time it is FB Messenger Live Chat by Zotabox, which has recently been disclosed to have a persistent XSS vulnerability.
Another plugin has entered the ever-growing list of vulnerable WordPress plugins. The free WordPress plugin FV Flowplayer Video Player, which is used for embedding FLV or MP4 videos into posts or pages, has been found to be vulnerable to XSS, SQL injection & CSV Export. Installed on 40,000+ websites at present, it was updated only 4 days ago after…
Day after day, a vulnerability in or an attack on the WordPress CMS comes to light. Clearly, this is not the end of it. Adding to the previous vulnerabilities, another quite severe cross-site scripting vulnerability has been exposed in the WordPress plugin wp-live-chat-support.
Ninja Forms is a WordPress plugin that lets websites create and customize forms just by dragging and dropping. Moreover, it is currently in use on 1 million+ websites. This figure hints at the popularity Ninja Forms was enjoying when the news surfaced a day ago that Ninja Forms' "File upload" extension is vulnerable to arbitrary file upload and path traversal. And it was quite a shocker.
This weekend, another piece of shocking news started doing the rounds. Git repositories, the distributed version control for open source software, were hacked. The affected platforms include GitHub, GitLab & Bitbucket. According to GitHub search, as many as 392 user accounts have been hacked. Further, the malefactor has deleted programmers' source code and version histories and replaced them.
Even though open source CMSs are the current go-to software in the cyber world, they open doors to threats as well. To keep your files secure, you need to have the most secure file permissions in place. File & folder permissions that are not strict enough raise the risk of your files getting compromised. So, in this article I will walk you through the ins and outs of Magento File Permissions.
In this attack, the hacker either adds a new payment method or plants a fake payment form. These tricks let him phish valuable credit card info. This particular hack was disclosed when a Magento user reported to us that something fishy was going on with his website's payment gateway. When our engineers scanned the website, they found that it had indeed been hacked.
PrestaShop, needless to say, is one of the big names in the e-commerce industry. According to Wikipedia, this free open-source CMS is currently being used by 250,000 online stores worldwide and is maintained and regulated by an efficient team of more than a hundred members. However, we still cannot vouch for its immunity to cyber attacks. After being affected by spam last year, PrestaShop has again been hit in the same place.
PHP (Hypertext Preprocessor) might be an old coding language, but it still holds the title of the most popular one. The A-list names that use PHP as their language include Magento, WordPress, Joomla, Laravel, Opencart and Drupal, amongst many others. But as it goes, with popularity come threats, and PHP is no exception. In fact, no coding language is protected against hacking, but the recent trail of PHP-based CMSs being attacked one after the other is a matter to ponder. The best way to keep these attacks in check is by using a PHP Firewall.