More WordPress plugins and themes vulnerable to CSRF attacks.
Additional WordPress plugins and themes were found to be vulnerable to CSRF attacks.
The Ninja Technologies Network
The WordPress Simple:Press plugin (600+ active installations) fixed a broken access control vulnerability affecting version 6.6.0 and below that could lead to unauthenticated arbitrary file upload and remote code execution.
While cleaning up a hacked WordPress site, we found that some malicious code was added to the theme by its developers.
Twenty-five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.
With a proof of concept and a video, we explain in this post how hackers exploit XSS vulnerabilities in order to create administrator accounts on your blog.