Misuse of WordPress WP-CLI could leak user passwords.
WP-CLI is a command line interface for WordPress. It is a nice and very helpful tool if you want to manage a lot of WordPress installations from a Unix shell.
Category: Vulnerability
Arbitrary file upload vulnerability in WordPress LearnDash LMS plugin.
While cleaning up several hacked WordPress blogs, we identified a critical zero-day vulnerability in the LearnDash LMS plugin v2.5.3 (https://www.learndash.com/) that allows an unauthenticated user to…
Impedance mismatch: a hacker’s best friend.
A security application, such as a Web Application Firewall or an Anti-Virus, can be vulnerable to impedance mismatch attacks if it interprets traffic and input differently…
Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.
On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000…
Latest Joomla! critical vulnerability being actively exploited in the wild.
Joomla! 3.6.4 was released on October 25. It fixed three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was discovered two days later. Someone published…