WordPress
86% of PHP-based apps contain at least one XSS vulnerability
Four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode failed at least one of the OWASP Top 10. Given the volume of PHP …
9271 crucial vulnerabilities found in 185 firmware images of embedded devices
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices – …
The automation and industrialization of cyber attacks
A new Imperva report highlights cyber criminals’ use of automation to increase both the magnitude and velocity of attacks designed to compromise users and steal sensitive …
Persistent XSS flaw in SharePoint 2013 revealed, patched
Among the vulnerabilities patched earlier this month by Microsoft is an important one that endangers users of Microsoft SharePoint 2013, a web application platform in the …
PayPal stored XSS vulnerability exposed
Bitdefender researchers have located a stored XSS vulnerability in PayPal that leaves the e-payment service open for hackers to upload maliciously crafted files, capable of …
Open source Sleepy Puppy tool finds XSS bugs in target apps and beyond
Since Monday, security pros can add another XSS-finding tool to their arsenal, as Netflix has open sourced their cross-site scripting payload management framework dubbed …
How to get better at web application security
Robert Hansen, Vice President of WhiteHat Security Labs, has more than 20 years of web application and browser security experience. In this interview he discusses the …
5,000+ e-commerce sites at risk due to buggy WordPress plugin
A popular WordPress e-commerce plugin that is actively used on over 5,000 websites contains high-risk vulnerabilities that can be exploited to compromise customers’ …
WordPress vulnerable to yet another, still to be patched XSS flaw
The latest WordPress version (4.2, released on Thursday) and several earlier ones are vulnerable to a stored cross-site scripting (XSS) vulnerability that can be exploited to …
WordPress issues critical security release
WordPress users should update as soon as possible, as the latest release (4.1.2) plugs a critical cross-site scripting vulnerability that could allow anonymous users to …
Popular WordPress plugins vulnerable to XSS
At least 17 WordPress plugins – and likely even more of them – have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject …
WordPress sites compromised to redirect to Pirate Bay clone, exploit kit
Malwarebytes researchers have spotted another malware delivery campaign that uses compromised WordPress sites to redirect users to a page hosting an exploit kit. The total …