Arbitrary file upload vulnerability in WordPress Ultimate Member plugin.

A critical vulnerability in the popular WordPress Ultimate Member plugin allows allows attackers to upload any files, including PHP backdoors.

Posted on July 3, 2018August 4, 2018
Security

Misuse of WordPress WP-CLI could leak user passwords.

WP-CLI is a command line interface for WordPress. It is a nice and very helpful tool if you want to manage a lot of WordPress installations from a Unix shell.

Posted on March 17, 2018June 23, 2019
NinjaFirewall

Securing WordPress with a Web Application Firewall: NinjaFirewall (WP Edition).

In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.

Posted on February 11, 2018July 29, 2018
NinjaScanner

NinjaScanner v1.2 introduces the quarantine sandbox.

NinjaScanner v1.2 introduces a new and unique feature, the quarantine sandbox: When moving a file to the quarantine folder, NinjaScanner can use a testing environment (a.k.a.…

Posted on January 4, 2018June 19, 2019
NinjaFirewall

Arbitrary file upload vulnerability in WordPress LearnDash LMS plugin.

While cleaning up several hacked WordPress blogs, we identified a critical zero-day vulnerability in the LearnDash LMS plugin v2.5.3 (https://www.learndash.com/) that allows an unauthenticated user to…

Posted on December 6, 2017May 28, 2019
NinjaScanner

NinjaScanner: A powerful antivirus scanner for WordPress.

NinjaScanner is a lightweight, fast and powerful antivirus scanner for WordPress which includes many features to help you scan your blog for malware and virus.

Posted on May 3, 2017July 29, 2018
NinjaFirewall

NinjaFirewall PHP sessions debugging.

NinjaFirewall (WP and WP+ Edition) v3.4.3 introduces two new constants to help you debug potential PHP session issues such as whitelisted users being blocked by the…

Posted on January 8, 2017June 20, 2019
NinjaFirewall

NinjaFirewall Full WAF vs WordPress WAF mode.

Since version 3.4, NinjaFirewall (WP and WP+) can be installed in two different modes: Full WAF or WordPress WAF. Full WAF mode In Full WAF mode,…

Posted on December 10, 2016May 3, 2019
NinjaFirewall

Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.

On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000…

Posted on August 27, 2016July 29, 2018
Brute-force attack

Blocking a WordPress XML-RPC attack with the Linux kernel firewall.

One of our customers faced a large attack against his WordPress blog xmlrpc.php script. When I connected to his server, the CPU load was over 100.…