02 Jan

What Happened With WordPress Plugin Vulnerabilities in December 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

[Read more]

20 Dec

Vulnerability Details: Arbitrary Email Sending Vulnerability in Sharexy

This Vulnerability Details post about a vulnerability in the plugin Sharexy provides the details of a vulnerability we ran across while collecting data on vulnerabliities discovered by others for our data set on vulnerabilities in WordPress plugins, so its contents are limited to customers of our service. If you are not currently a customer, you can sign up for free here. There are a lot of other reason that you will want to sign up beyond access to posts like this one, including that you would have already been warned about this vulnerability if your website was vulnerable due to it.

[Read more]

20 Dec

Is a Hacker Targeting This Plugin Thinking It Has Vulnerability It Doesn’t?

One of the problems we sometimes run into checking over plugins that hackers look to be targeting is that hackers don’t always have a good understanding of what they are doing. We have seen in them trying to exploit vulnerabilities that don’t exist and trying to exploit vulnerabilities in a way that won’t ever succeed. The former issue can be caused by false or inaccurate reports of vulnerabilities released by others and the latter due to a lack of testing before trying to exploit them on other people’s websites.

[Read more]