Blog

17 Feb: Another WordPress commercial plugin gets exploited

And yet another WordPress commercial plugin gets exploited in the wild, as Wordfence security analysts identified attackers exploiting vulnerabilities in outdated versions of a commercial WordPress plugin since the end of January. In this case the fairly popular WP Cost Estimation & Payment Forms Builder plugin developed by Loopus…

16 Feb: First Drupal Security Update issued for 2019

Drupal is an open-source Content Management System (CMS) which is free to download and use; it allows you to create and manage websites, intranets, and web applications without writing any code. It is often used by global enterprises, governments, higher education institutions, and NGOs.

06 Feb: Exploit discovered in phpIPAM IP management software

phpIPAM is a popular open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is a PHP-based application with a MySQL database backend, using jQuery libraries, AJAX and HTML5/CSS3 features. A vulnerability in phpIPAM version 1.3.2 and earlier was found that…

03 Feb: Media File Manager plugin for WordPress exploited

An exploit was discovered in the Media File Manager plugin version 1.4.2 for WordPress. This vulnerability allows for directory traversal and the initiation of a remote cross-site scripting (XSS) attack via the dir parameter of the mrelocator_getdir function of the file wp-admin/admin-ajax.php. A working exploit has been disclosed.

30 Jan: WordPress Users Urged to Delete Total Donations Plugin

Total Donations is a commercial plugin that helps sites create donation campaigns and accept payments from their visitors. It is currently used by many non-profit and political organizations who want to accept donations from donors using a donation form. Attacks on the Total Donations plugin have been tracked over…

29 Jan: New Evolution skin for DirectAdmin

After 2 1/2 long years of development, the long-awaited Evolution skin for the DirectAdmin control panel has now finally reached Release Candidate (RC) status and is available from today in DirectAdmin for our hosting clients. Evolution sports a modern design and is written in AJAX. It has support…

24 Jan: WordPress plugin Spambyebye vulnerable

A cross-site scripting vulnerability was found in the WordPress plugin spam-byebye, with all versions up to version 2.2.1 reported vulnerable. It is possible to launch this attack remotely and it allows for the injection of arbitrary web scripts or HTML via unspecified vectors. This would alter the appearance and would…

23 Jan: PHP PEAR package manager and website compromised

Important: If you have downloaded the PHP PEAR package manager from its official website in the past 6 months, it is possible that your server has been compromised. PEAR, which stands for “PHP Extension and Application Repository,” is a community-driven framework and is the first package manager that was…