Astra Web Security Blog - Website & CMS Security News


Mobile App Security Audit: All You Need To Know

Creating an app for your services can go a long way in increasing your internet presence. But what if your mobile app is insecure? It can turn your efforts into a fiasco, to say the least. Therefore, it is important to do a proper mobile app security audit before releasing it to the public. A careful mobile app security audit can go a long way in protecting your customers' data.

GDPR Cookie Consent Plugin Vulnerable to Improper Access Controls | Update Now

The WordPress GDPR cookie consent plugin, which facilitates easy GDPR compliance for users, was found vulnerable to improper access controls. This flaw can lead to severe vulnerabilities such as privilege escalation and stored XSS in a website. The GDPR cookie consent plugin is actively used on more than 700000 WordPress websites at the time of writing.

Big, small and ubiquitous. Data is everything, and everywhere. Users are giving it, websites are collecting it and policymakers, the tech industry, and the citizens are constantly dabbling with what to do with all of the information that is being gathered. From an email to credit card information, from passwords to shopping history, from photos to personal information - websites…

Visitors Redirecting From WordPress Blog to Malicious Domains? Resolve Now

WordPress redirect hacks have been a menace for a long time now. They morph into new redirect hacks every few weeks. We have been covering all those types of WordPress redirects as and when they come. Adding to the list is this blog post, which uncovers yet another WordPress redirect hack type. This hack redirects blog page visitors to malicious domains.

Do you own an online store? Chances are that your website is built using OpenCart. In today’s scenario, the popularity of online stores has thrust OpenCart into the limelight. It is one of the most common open-source platforms for e-commerce websites. Since it is open source, anyone can take a look at the source code and understand what is going on.…

In this era of the internet, nothing comes for free! And if it does, it may well be a threat in the form of a virus or malware. According to Benjamin Franklin, “An ounce of prevention is worth a pound of cure”, and prevention in this digital age can effectively be deemed knowledge. In this blog post today, we…

Virtual Patching: Everything You Need to Know

Today every organization has a number of web applications that are insecure. In fact, they contain many vulnerabilities with little or no chance of immediate remediation. In such scenarios, virtual patching comes in handy. Virtual patching protects applications from exploitation of a vulnerability whose patch is yet to be applied.

Your Guide to Add Recommended Security Headers For WordPress

Configuring recommended security headers for WordPress adds to your site's security. Today we are going to discuss everything about security headers for WordPress, and why you should be concerned with them. Typically, an HTTP security header renders additional information (such as content type, content meta, cache status, etc.) attached with a web page, whenever a browser requests the page from the server.

While testing the popular WordPress LMS plugin, Tutor LMS, I was able to find that the plugin is vulnerable to Cross-Site Request Forgery (CSRF). All WordPress websites using Tutor LMS version 1.5.2 and below are affected. CVE ID: CVE-2020-8615. CWE ID: CWE-352. Summary: The Tutor LMS WordPress plugin is a feature-packed plugin that enables users to create and sell courses.…

On testing the popular WordPress testimonials plugin, Strong Testimonials, I found multiple stored XSS vulnerabilities in the plugin. All WordPress websites using Strong Testimonials version 2.40.0 and below are affected. CVE ID: CVE-2020-8549. CWE ID: CWE-79. Summary: Strong Testimonials is a popular and easily customizable WordPress testimonial plugin with over 90,000 active installations. The stored XSS vulnerabilities found in the…
