All In One WP Security & Firewall multiple XSS vulnerabilities (<=4.0.7).

NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was ‘tab’ (all pages): /wp-admin/admin.php?page=aiowpsec&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_settings&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_useracc&tab=[XSS]…

Critical vulnerability in Swift Security Hide WordPress Firewall plugin leads to phishing attack.

This is a very interesting spear phishing attack case that we had to deal with this week. Spear phishing are attempts directed at a specific individual,…

Jetpack Protect: IP spoofing and improper data validation allow security feature bypass.

Since version 3.4, the popular Jetpack by WordPress.com plugin (15+ million downloads / 1+ million active installs) includes Jetpack Protect, a module “to protect your Jetpack-connected…

Many popular WordPress security plugins vulnerable to IP spoofing.

A WordPress user who was facing a small brute-force attack asked us for help. He was using a popular security plugin but, this time, his plugin…