The Ninja Technologies Network
NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was ‘tab’ (all pages): /wp-admin/admin.php?page=aiowpsec&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_settings&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_useracc&tab=[XSS]…
Starting from version 3.0, NinjaFirewall, our Web Application Firewall for PHP (Pro and Pro+ Edition) and WordPress (WP and WP+ Edition), includes a new powerful filtering engine.
While cleaning-up an infected server today, I came across this plugin: Breadcrumb shortcode (slug: breadcrumbs-ez). It was downloaded from the WordPress official repository but it had…
We mentioned a few weeks ago fake WordPress websites used by hackers to distribute malware via malicious plugins installed on their victims blog. Hackers have lately…
Starting from version 1.8.1, it is possible to restrict access to NinjaFirewall (WP+/WP Edition) menu and settings. Note: Restrictions apply to single sites only, not to…
In recent days, we have worked on several infected WordPress websites that all had the particularity of having the same malicious plugin installed: Hackers gained access…
Following our 2013 benchmarks, we received quite a lot of requests to perform new ones and, this time, to include a category of plugins that wasn’t…
This is a very interesting spear phishing attack case that we had to deal with this week. Spear phishing are attempts directed at a specific individual,…
Since version 3.4, the popular Jetpack by WordPress.com plugin (15+ million downloads / 1+ million active installs) includes Jetpack Protect, a module “to protect your Jetpack-connected…
Starting from WP v1.4 and WP+ v1.2, NinjaFirewall introduces a new feature: It offers the possibility to automatically update the firewall security rules. Each time a new vulnerability…