NinTechNet changelog.
December 07, 2019 NinjaScanner v2.0.3 Improved the quarantine sandbox to better detect errors after moving a file to the quarantine folder. You can now change the…
Search Results for: csrf
Multiple vulnerabilities in WordPress IgniteUp/Coming Soon and Maintenance Mode plugin.
The WordPress IgniteUp/Coming Soon and Maintenance Mode plugin, which has 30,000+ active installations, was prone to multiple vulnerabilities in version 3.4 and below that could lead to arbitrary file deletion, stored XSS, information disclosure, HTML injection in email and CSRF, among a few other issues.
Multiple WordPress plugins vulnerable to HTML injection.
Multiple plugins offering to convert WordPress’ default plain text emails to HTML format were found to be vulnerable to HTML injection, which could lead to phishing or CSRF attacks.
HTML injection vulnerability in WordPress CformsII plugin.
The WordPress CformsII plugin (10,000+ active installations) was prone to an HTML injection vulnerability that could be used to target the administrator.
Multiple vulnerabilities in WordPress Woody Ad Snippets plugin lead to remote code execution.
A unauthenticated options import vulnerability combined with a stored XSS vulnerability can lead to remote code execution in the WordPress “Woody Ad Snippets” plugin (90,000+ active installations), allowing hackers to compromise the website and its database.
Privilege escalation vulnerability in WordPress ND Shortcodes For Visual Composer plugin.
The WordPress ND Shortcodes For Visual Composer plugin (10,000+ active installations), was prone to a critical privilege escalation vulnerability.
HTML injection vulnerability in WordPress Pirate Forms plugin.
The WordPress Pirate Forms plugin (200,000+ active installations) was prone to an HTML injection vulnerability that could be used to target the administrator.
Unauthenticated Stored XSS in WordPress Coming Soon Page and Maintenance Mode plugin.
The WordPress Coming Soon Page and Maintenance Mode (7,000+ active installations), was prone to unauthenticated stored XSS and settings reset vulnerabilities in version 1.7.8 and below.
Settings change and CSS injection in WordPress Ocean Extra plugin.
The WordPress Ocean Extra plugin, which has over 400,000 active installations, was prone to settings change and CSS injection vulnerabilities in version 1.5.8 and below.
Securing WordPress with a Web Application Firewall: NinjaFirewall (WP Edition).
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.