API stands for - Application programming interface. It is a means for communication between your application and other applications based on a set of rules. In layman's terms, it is a language used among various applications. For example, you are able to put a twitter handle on the sidebar of your WordPress blog because WordPress uses the Twitter API.
Do you use the internet? Guess is you do. Then you must have come across news such as hackers stealing data and bringing down services & websites. Here are some website hacking techniques hackers generally use. In fact, according to hacking stats: 64% of companies admit to facing web attacks 1/131 emails contain malware in them Every day there are…
While performing a security audit on one of our client’s website, I discovered a reflected cross-site scripting vulnerability in the WordPress LMS plugin by LearnDash. All WordPress websites using LearnDash version from 3.0.0 through 3.1.1 are affected. CVE ID: CVE-2020-7108 CWE ID: CWE-79 Summary LearnDash is one of the most popular and easiest to use WordPress LMS plugins in the…
WP Time Capsule is quite a popular WordPress plugin when it comes to WordPress back-ups & staging. It has turned the complex processes of backing up & staging a click's affair. However, given the fragile nature of security in WordPress plugins, vulnerability disclosures are not quite unexpected. Certainly, the WP Time Capsule plugin is no exception. In fact, on the 8th of January, a serious Authentication Bypass Vulnerability was discovered in this popular plugin.
PrestaShop has released an advisory to inform about a potential threat in the shape of a malware named XsamXadoo on its stores. Hackers are, allegedly, using this malware to gain access to your PrestaShop Store. Several PrestaShop store owners have already been comprised by this malware. From what we came to know of, this malware exploits known vulnerabilities in PHP tool - PHPUnit, which is present in several of the PrestaShop modules.
Ever heard of .htaccess file? If you engage in web development often then surely you must have heard of it. It is one of those things that might seem trivial but in reality, is much more important. '.htaccess' is a file that is regularly referred to when talking about website security. It is analogous to a gatekeeper who handles the…
Digital World has its drawbacks and security threats. Regardless of how careful you have been with the website design, you can never assure 100% security. Algorithms change, content demand is different every day and criteria of the website security changes with all of it too. Hackers are getting smarter day by day, and website reinfection is common now. Even after…
Critical vulnerability found in Popular WordPress plugins Ultimate Addons for Elementor and Ultimate Addons for Beaver Builder. Developed by Brainstorm Force team, it makes a set of plugins easily accessible for your WordPress website. Ultimate Addons released an advisory on both its websites regarding the patch of vulnerability. However, it does not detail the vulnerability in the advisory. Nevertheless, we dug the vulnerability details from other sources.
Different WordPress malware campaigns are used to carry out different malicious activities. One such malware campaign has started with the .Bt WordPress hack. It is named so because this kind of infection creates files with .bt extension on your WordPress site under the root directory or the "wp-admin" or "wp-admin/css" directory. Here you will find the causes, symptoms, detection, and removal of the hack.
A distributed denial of service is a cyber-attack which aims at deranging the normal functioning of a server by flooding the targeted website with malicious traffic. As a result, the server becomes unavailable to users and your website faces downtime. If defined plainly, distributed denial of service or the DDoS attack is an elaborate and powerful cyberattack designed to disrupt…
