NinTechNet changelog.

May 13, 2019 NinjaScanner v2.0 Added a new user interface for the scanner report: nicer UI with a separate section for each items, row action links…

Posted on May 2, 2019May 3, 2019
NinjaFirewall

Arbitrary file upload vulnerability in WordPress User Submitted Posts plugin.

The WordPress User Submitted Posts plugin (30,000+ active installations) was prone to an arbitrary file upload vulnerability in version 20190426 and below.

Posted on April 11, 2019April 19, 2019
NinjaFirewall

Zero-day vulnerability in WordPress YellowPencil Visual CSS Style Editor plugin actively exploited.

We are seeing today a lot of hacked WordPress blogs due to a critical vulnerability in the WordPress YellowPencil Visual CSS Style Editor plugin which has 30,000+ active installations.

Posted on April 10, 2019May 3, 2019
Malware

WordPress Yuzo Related Posts plugin vulnerability massively exploited.

Hackers are currently actively exploiting a vulnerability in the WordPress Related Posts plugin, which has 60,000+ active installations.

Posted on March 24, 2019April 21, 2019
NinjaFirewall

NinjaFirewall (WP Edition) adds PHP backtrace to email notifications.

Starting from version 3.8.3, NinjaFirewall (WP and WP+ Edition) will attach a PHP backtrace to some important email notifications sent to the administrator.

Posted on March 22, 2019April 19, 2019
NinjaFirewall

Another day, another zero-day: WordPress Social Sharing Plugin Social Warfare under attack.

A vulnerability in WordPress Social Sharing Plugin – Social Warfare is currently exploited.

Posted on March 17, 2019May 3, 2019
NinjaFirewall

Critical zero-day vulnerability fixed in WordPress Easy WP SMTP plugin.

The popular Easy WP SMTP plugin, which as 300,000+ active installations, was prone to a critical zero-day vulnerability.

Posted on December 7, 2018March 24, 2019
NinjaFirewall

Critical vulnerability in WordPress Kiwi Social Sharing plugin actively exploited.

A critical vulnerability in the WordPress WordPress Kiwi Social Sharing plugin <2.0.11 (30,000+ active installations) is currently exploited since December 6th.