Remote & Local File Inclusion Vulnerability In WordPress [GUIDE]

WordPress Local File Inclusion Vulnerability: The intent of this post is to help penetration testers identify and test Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities in WordPress, and to help future pentesting by consolidating research. LFI vulnerabilities are typically discovered during web application pen testing using …

Over A Million WP Sites Hacked in Widespread Attacks – (News)

A sudden increase in XSS (Cross-Site Scripting) attacks against WordPress vulnerabilities was tracked by our threat intelligence team on April 28, 2020. Within a few days’ span, these attacks increased to about 30 times the volume seen in previous attack data. The botnet consisting of 90,000 IP addresses takes …

Prestashop Hacked – Security Vulnerabilities & Site Clean Up

Prestashop Hacked: In the past, PrestaShop has undergone various hack attempts. E-commerce security bears great significance because it is directly connected to instant revenue loss. In the past couple of years, the use of e-commerce solutions has increased alarmingly, and as a result ‘PrestaShop hack’ incidents have increased extensively.

Rich Reviews Plugin Zero Day Vulnerability Exploit [New]

It is estimated that there are 16,000 active installations of the vulnerable Rich Reviews plugin, which was removed from the WordPress.org Plugin Directory on March 11, 2019, due to a security issue. The Threat Intelligence team at Wordfence first reported that there is a zero-day vulnerability in the Rich Reviews WordPress …

WordPress Vulnerabilities (2020) & How To Fix Them

WordPress Security Vulnerabilities. Table of Contents: WordPress REST API Content Injection Vulnerability; Stored Cross-Site Scripting Vulnerability; SQL Injection & URL Hacking; Brute-Force Login Attempts; Default Prefix for Database Tables; Default Admin User Account Vulnerability; Sensitive File Disclosure Vulnerability; Privilege Escalation Attack; WordPress Arbitrary File Deletion Vulnerability; How to Find Vulnerabilities …

Convert Plus WordPress Plugin Vulnerability Exploit [FIXED]

In our earlier posts last week, we covered various vulnerable plugins that were exploited by hackers, such as the zero-day vulnerability in the WordPress Yellow Pencil plugin, the vulnerability in the Social Warfare plugin, and the vulnerability in the WordPress Easy WP SMTP plugin, all of which were fixed. Type: Unauthenticated Administrator Creation. CVSS v3.0 Score: 10.0 …

WordPress Brute Force Attacks – How To Protect Your Website?

WordPress Brute Force Attack: Brute force attacks are common against web services. Any website is a potential target. However, criminal actors usually choose the most popular sites to increase their chances of success. WordPress is one of their favorite targets. This platform is so popular that out of the top one million websites on the …