Plugin name: Data privacy extended (data protection law) - GDPR Module
Vulnerability name: CSRF (Cross-Site Request Forgery) in the "Delete Account"
Affected Prestashop versions: v18.104.22.168 - v22.214.171.124
Vulnerable Version: <3.7.8
Patched version: 3.7.8
Vulnerability Reported: 20th June 2019
Vulnerability Patched: 25th June 2019

While performing a security audit on one of our Prestashop clients at Astra, I found a critical…
Cross-site scripting, known as XSS for short, is a security vulnerability found in web applications. A WordPress XSS exploit allows attackers to inject malicious content under the guise of a trusted entity. Further, an XSS vulnerability also compromises user-website interaction. It allows attackers to pose as legitimate users and upload malicious content, steal user credentials and information, deface your website and tarnish your brand.
How often do you change your WordPress Theme? Have you ever come across any term such as WordPress Theme Hack? Did you think WordPress themes can be used to cause a security breach on your WordPress website? In this article, we will try to answer all these questions about WordPress Theme Hack. We shall also discuss ways to remove WordPress Theme Hack from your WordPress website.
GoDaddy is a great service for getting domains at a reasonable price. Apart from providing domain names, GoDaddy also provides hosting services to its users. It seems to be a fairly good deal when starting a new internet venture. However, while using GoDaddy's hosting services, users may often face the "GoDaddy site suspended" issue.
If you’ve ever paged through Google search results, you’ve inevitably clicked on a website that leads you to a splash page warning, “This site may harm your computer.” While this can be alarming at first, you have nothing to fear immediately. This is simply a page Google directs you to if it detects a considerable threat to your system’s security from the website you were headed to.
With the Google Safe Browsing feature, Google maintains a list of suspicious websites that might be under attack by hackers. When users try to visit an unsafe site, they are met with a red screen displaying a warning message. The Google phishing warning appears as “Deceptive site ahead” for sites that are suspected of phishing attacks.
MyBB, earlier known as MyBulletinBoard, is a free and open source forum software based on PHP and MySQL. Recently it has been found vulnerable to a critical stored XSS (Cross-Site Scripting) and RCE (Remote Code Execution) in version 1.8.20 and before. Because of this, any malefactor holding only a user account on the forum can hijack any board by sending a malicious private message to the administrator or by creating a malicious post.
The WP Live Chat Support plugin, with 50,000+ installs, has again been found vulnerable to a grave vulnerability identified as CVE-2019-12498, which lets any unauthorized user steal chat history or hijack current chat sessions. Versions 8.0.32 and prior are vulnerable.