Duplicate Page <= 3.3 – Authenticated SQL Injection
https://wpvulndb.com/vulnerabilities/9251 Source: Security Feed
SQL Injection in Duplicate-Page WordPress Plugin
http://feedproxy.google.com/~r/sucuri/blog/~3/qdl2JzUrVmY/sql-injection-in-duplicate-page-wordpress-plugin.html While investigating the Duplicate Page plugin we have discovered a dangerous SQL Injection vulnerability. It was not being abused externally and impacts...
Ultimate Member <= 2.0.39 – Cross-Site Request Forgery (CSRF)
https://wpvulndb.com/vulnerabilities/9250 Source: Security Feed
Podcast Episode 5: The Raquel Landefeld Interview & The Pipdig Story
This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community...
Is ALL Security Thru Obscurity?
https://perishablepress.com/security-obscurity/ ob·scure /əbˈskyo͝or/ adjective 1. not discovered or known about; uncertain. In the purely literal sense, the concept of obscurity applies to every transaction on the Web. The HTTP request knows not,...
Malware Campaigns Sharing Network Resources: r00ts.ninja
http://feedproxy.google.com/~r/sucuri/blog/~3/avh-kPo06UA/malware-campaigns-sharing-network-resources-r00ts-ninja.html We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware...
Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses
https://www.wordfence.com/blog/2019/04/pipdig-update-dishonest-denials-erased-evidence-and-ongoing-offenses/ In last week’s post, we reported on some concerning code identified in the Pipdig Power Pack (P3) plugin. The plugin, which is installed alongside...