Vulnerabilities – Page 9

Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk

Posted on 30 March 2022 by

Update – after this article was published, Denis Shagimuratov of CleanTalk reached out to us on Twitter. It appears that they didn’t receive our disclosure because our contact at the company was no longer the correct recipient for this type Continue reading Reflected XSS in Spam protection, AntiSpam, FireWall by CleanTalk→

WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

Posted on 11 March 2022 by

Last night, just after 6pm Pacific time, on Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects version 5.9.0 Continue reading WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities→

Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin

Posted on 24 February 2022 by

On November 11, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “Photoswipe Masonry Gallery”, a WordPress plugin that is installed on over 10,000 sites. This flaw makes it possible for an Continue reading Stored Cross-Site Scripting Vulnerability Patched in a WordPress Photo Gallery Plugin→

Reflected XSS in Header Footer Code Manager

Posted on 22 February 2022 by

On February 15, 2022, the Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent Continue reading Reflected XSS in Header Footer Code Manager→

Protecting everyone from WordPress Content Injection

Posted on 1 February 2017 by

Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress. CC BY-SA 2.0 image by Nicola Sap De Mitri The problem was found Continue reading Protecting everyone from WordPress Content Injection→

Automatic protection for common web platforms

Posted on 14 October 2014 by

If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it’s worth checking if the Continue reading Automatic protection for common web platforms→

Jetpack for WordPress: automatic protection

Posted on 10 April 2014 by

As we’ve said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent. Jetpack is an extremely popular plugin to provide Continue reading Jetpack for WordPress: automatic protection→

W3TC and WP Super Cache Vulnerability Discovered, We’ve Automatically Patched

Posted on 24 April 2013 by

The team at the research firm Sucuri announced a serious vulnerability to W3TC and WP Super Cache this afternoon. (Update: it appears the vulnerability was first reported on WordPress.org about a month ago.) The vulnerability allows remote PHP code to Continue reading W3TC and WP Super Cache Vulnerability Discovered, We’ve Automatically Patched→