13 Sep

When an Old Vulnerability Gets a New Vulnerability Report

As part of preparing an upcoming enhancement to the service, we have recently been taking a look at what traffic to our website indicates as to what hackers are targeting. Through that we noticed a connection between the existence of YouTube videos on exploiting vulnerabilities and what vulnerabilities are getting exploitation attempts. In the past few [Read more]

30 Jun

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Cherry Plugin

As we continue looking at ways we can improve the security of WordPress plugins, one of the thing we are trying is checking over plugins that we have recently added new vulnerabilities to our data set to see if we can find any other obvious vulnerabilities. The third we have spotted is in the plugin Cherry [Read more]

22 Jun

Old Vulnerability Report: Arbitrary File Viewing Vulnerability in Cherry Plugin

One of the things that we do to keep track of the  plugin vulnerabilities out there is to monitor hacking attempts on our websites. That sometimes leads us to finding what looks to be exploitation of vulnerabilities that a hacker has just discovered. In other cases it shows really old vulnerabilities that hackers are still trying to [Read more]