Astra Web Security Blog - Website & CMS Security News


Popular Plugin Ninja Forms Vulnerable to Arbitrary File Upload & Path Traversal

Ninja Forms is a WordPress plugin that lets website owners create and customize forms just by dragging and dropping. It is currently in use on 1 million+ websites. That figure hints at the popularity Ninja Forms was enjoying when news surfaced a day ago that its "File Upload" extension is vulnerable to arbitrary file upload and path traversal. And it was quite a shocker.

WordPress Website Hacked & Sending Spam: Symptoms, Causes & Cleanup

WordPress is probably the cheapest and easiest solution for online content management. It has been around for a long time and now powers a major section of the web. However, this popularity comes at a heavy cost, as it is also one of the most commonly targeted CMSs in the world. As a result, users often complain of issues like a hacked WordPress site sending spam to their customers. Dealing with WordPress spam can prove especially frustrating, because it can sabotage the reputation of your site in the long run.

Git Repositories (GitHub, GitLab & BitBucket) Hacked

This weekend, another piece of shocking news started doing the rounds. Git repositories, the distributed version control for open source software, were hacked. This includes GitHub, GitLab & Bitbucket as its extended channels. According to a GitHub search, as many as 392 user accounts have been hacked. Further, the malefactor has deleted programmers' source code and version histories and replaced them.

PHP SQL Injection: All You Need To Know

Among injection attacks, SQL injection has become highly prominent. The majority of websites are vulnerable to it. According to Akamai, in 2017 more than 50% of attacks on the web were carried out using SQL injection. In this article, we discuss how SQL injection is carried out and how to prevent it in PHP applications.

How to set secure File Permissions in Magento 1.x & 2.x?

Even though open source CMSs are the current go-to software in the cyber world, they open doors to threats as well. To keep your files secure, you need the most secure file permissions in place. File & folder permissions that are not strict enough elevate the risk of your files getting compromised. So, in this article I will walk you through the ins and outs of Magento file permissions.

Fake Payment Method Added in Magento Store - Credit Card Info Getting Leaked

In this attack, the hacker either adds a new payment method or plants a fake payment form. These tricks let him fish out valuable credit card info. This particular hack was disclosed when one of Magento's users reported to us that something fishy was going on with his website's payment gateway. When our engineers scanned the website, they found that it had indeed been hacked.

Must have PrestaShop Addons for E-commerce Stores

PrestaShop, for sure, is one of the top CMSs available for e-commerce. Its versatility and flexibility add to its excellence, and it is also budget friendly. If you already own a shop on PrestaShop, you might want to look further for different tools to take care of the varied aspects of an online e-commerce store. In this article, we list the PrestaShop plugins that could help you take care of the various requirements of your business.
