Lack of Due Diligence by the WPScan Vulnerability Database and WPCampus Leads to False Claim That WordPress Plugin Vulnerability Was Fixed
We are big believers in having the full details of vulnerabilities, whether they are in WordPress plugins or other software, disclosed in most instances. That isn’t because it makes our work of compiling data on vulnerabilities in WordPress plugins easier, but because we see the positive impact that disclosure has, as well as the more often emphasized negative impact. One

Open Redirect Vulnerability in SagePay Server Gateway for WooCommerce
Recently Ricardo Sanchez disclosed a reflected cross-site scripting (XSS) vulnerability in the plugin SagePay Server Gateway for WooCommerce. When we went to test that out while adding the vulnerability to our data set, we noticed a strange result. The proof of concept URL was /wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php?page=</script>"><script>alert("R1XS4.COM")</script>, but after the reflected cross-site scripting happened, the URL was changing to /wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/</script>. Looking at the

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in BuddyPress Members Only
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability. One of the ways we keep track of vulnerabilities in WordPress plugins is by monitoring

How Can BlogVault be the Best WordPress Backup Plugin for 2018?
BlogVault – Best Backup Plugin 2018 If you are in content marketing, you might have a close attachment to WordPress. After all, this free, open source CMS allows you to manage and post your online articles from a single platform. That’s the reason why nearly 28.8% of all websites use WordPress as their CMS and it is the most widely used platform for

Is This SQL Injection Vulnerability Why a Hacker Would Be Interested in the SendinBlue Subscribe Form And WP SMTP Plugin?
Several days ago we had a request at this website for a file that would be located at /wp-content/plugins/table-maker/readme.txt. Subsequent to that, while reviewing the log files of another website for some work we were doing over at our main business we saw the same file requested. The requested file would be part of the plugin SendinBlue Subscribe Form And WP SMTP.

How to Backup a WordPress Blog? – The Best Ways Possible with BlogVault
How to Back Up WordPress Blogs? WordPress has been a very good platform for bloggers and entrepreneurs to showcase their blogs in the most attractive way possible. With the help of its many plugins and themes, one can make great use of this platform for writing and managing content. Well, along with the creation of

Thousands of Websites Still Using WordPress Plugin that Has Vulnerability That Started Being Exploited Over a Year Ago
One of the ways that we keep track of vulnerabilities in WordPress plugins is by monitoring our websites and some third-party data for evidence that hackers are targeting plugins. Earlier this week that led to us looking into a couple of plugins and finding vulnerabilities that hackers may be interested in; we have yet to get any definitive

New Service Vulnerability Disclosure Policy
This entry was posted in Vulnerabilities, Wordfence, WordPress Security on December 13, 2017 by Dan Moen. The Wordfence team regularly discovers security issues with commercial services, such as WordPress hosting providers, that put their users at risk. In some cases, the issue is quite severe, putting thousands of websites at risk simultaneously. In these instances, our standard

RegistrationMagic – Custom Registration Forms <= – Authenticated Reflected XSS

RegistrationMagic – Custom Registration Forms <= – Authenticated SQL Injection