MyBB, earlier known as MyBulletinBoard is a free and open source forum software based on PHP & My SQL. Recently it has been found vulnerable to a critical stored XSS (Cross-Site Scripting) and RCE (Remote-code Execution) in version 1.8.20 and before. Due to this any malefactor holding only a user account on the forum can hijack any board by sending a malicious private message to the administrator or by creating a malicious post.
WP live chat support plugin, with more than 50,000+ installs is, again found vulnerable to grave vulnerability identified as CVE-2019-12498, which lets any unauthorized user to steal chat history or hijack current chat sessions. Versions 8.0.32 and prior are vulnerable.
A fresh vulnerability disclosure in the series of WordPress plugins has come to notice. The WordPress plugin User Submitted Posts lets users upload posts and images from its front end feature. This WordPress plugin user submitted posts plugin currently has more than 30,000 installations. It was quite popular at the time a serious arbitrary file upload vulnerability was found in it. Learn more about the details of User Submitted Posts Exploit in this article.
There is seldom a more worrisome moment presents itself for a website owner than Google flagging your websites with a 'This site may be hacked' warning or a 'This site may harm your computer" flag. This warning could get your heart racing or this could give you troubled sleeps. And, this is bad for your beloved business because Google is scaring away your potential customers. You must have wondered why Google flagged your website and the possible reasons for this and how can you remove it? Read on to find out.
Now, with the World Wide Web being a populated place and constantly growing with a rapid rate. It becomes important to keep a check on the websites that are malicious. And, blacklist those which have been hosted to carry out malicious activities over the internet. For this job, a search engine seems the best fit for search engines are where most people get in contact with different websites.
Owing to the widespread presence of WordPress, hackers, in fact try incessantly to make past every popular WordPress plugin. As a result, vulnerability disclosures in WordPress plugins almost seem like a never ending process. This time its Fb messenger live chat by Zotabox. So, FB messenger live chat by Zotabox has recently been disclosed to have persistent XSS vulnerability.