The popular WordPress plugin Social Network Tabs, which has been downloaded over 53,000 times in the past 7 years and is used to help users share content on social media sites, left thousands of linked Twitter accounts exposed to compromise.
Blog
A cross-site scripting vulnerability was found in the WordPress plugin spam-byebye, with all versions up to version 2.2.1 reported vulnerable. The attack can be launched remotely and allows the injection of arbitrary web scripts or HTML via unspecified vectors. This would alter the appearance and would…
Important: If you have downloaded the PHP PEAR package manager from its official website in the past 6 months, it is possible that your server has been compromised. PEAR, which stands for “PHP Extension and Application Repository,” is a community-driven framework and is the first package manager that was…
cPanel is a popular web-based control panel tool that helps you manage your web hosting account through a web interface instead of a console. cPanel has released updates that provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available…
Magecart, in operation since 2015, is software used by a range of hacking groups to implant malicious computer code into websites and third-party suppliers of digital systems to steal credit card info as people enter it at a checkout page. It’s been used in combination with commodity Magento extension…
A vulnerability was found in Joomla! that affects all versions from 2.5.0 to 3.9.1. The affected code is part of the mod_banners component. Manipulation with an unknown input leads to a cross-site scripting vulnerability.
The Drupal content management system (CMS) has released two security updates on Wednesday, each designed to mitigate critical security vulnerabilities in the content management framework. These vulnerabilities were reported by network security and ethical hacking experts from the International Institute of Cyber Security and allow a malicious user to…
libssh, a tiny C SSH library, contains an authentication bypass vulnerability in libssh’s server-side code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate…
The internet is a dangerous place, replete with shady people looking to steal your personal information. Two-factor authentication, or 2FA, has long been considered an important measure for protecting your online accounts against such activity. 2FA authentication codes are typically sent via text message or via authentication apps. It’s…
Three vulnerabilities in LearnPress prior to version 3.1.0 have been discovered. LearnPress is a popular plugin with more than 50,000 installations for the WordPress CMS that can be used to create and sell courses online. LearnPress is similar to Moodle, an open source learning platform.