Quantcast
Channel: Vulnerabilities – Jetpack
Browsing latest articles
Browse All 23 View Live

How Malware Can Abuse the .htaccess File

You learned about the importance of the .htaccess file in our blog post How to Access and Edit the Default WordPress .htaccess File. As you can imagine, an important file such as .htaccess can be a...

View Article


SQL Injection Discovered And Fixed In Slimstat Analytics and Paid Memberships...

During an internal audit of the Slimstat Analytics and Paid Memberships Pro plugins, we uncovered two SQL Injection vulnerabilities that could allow low-privileged users like subscribers to leak...

View Article


Multiple vulnerabilities in WP Fastest Cache plugin

During an internal audit of the WP Fastest Cache plugin, we uncovered an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue....

View Article

Security Issues Patched in Smash Balloon Social Post Feed Plugin

During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), we discovered several sensitive AJAX endpoints were accessible to any users with an account...

View Article

Severe Vulnerabilities Fixed in All In One SEO Plugin Version 4.1.5.3

During an internal audit of the All In One SEO plugin, we uncovered an SQL Injection vulnerability and a Privilege Escalation bug. If exploited, the SQL Injection vulnerability could grant attackers...

View Article


Backdoor Found in Themes and Plugins from AccessPress Themes

Update Feb. 1 – Changed the “Affected themes” section to reflect that new versions of the themes are starting to appear. While investigating a compromised site we discovered some suspicious code in a...

View Article

Severe Vulnerability Fixed In UpdraftPlus 1.22.3

During an internal audit of the UpdraftPlus plugin, we uncovered an arbitrary backup download vulnerability that could allow low-privileged users like subscribers to download a site’s latest backups....

View Article

Backdoor found in The School Management Pro plugin for WordPress

Versions before 9.9.7 of the WordPress plugin “The School Management Pro” from Weblizar contain a backdoor allowing an unauthenticated attacker to execute arbitrary PHP code on sites with the plugin...

View Article


Image may be NSFW.
Clik here to view.

Capture the Flag at WordCamp Europe 2022

During WordCamp Europe 2022, we ran a WordPress Capture The Flag (CTF) competition across four challenges. We wanted to introduce folks to the addictive world of CTF, and let people experience how...

View Article


Vulnerabilities Found in the 3DPrint Premium Plugin

The premium version of the WordPress plugin 3DPrint is vulnerable to Cross Site Request Forgery (CSRF) and directory traversal attacks when the file manager functionality is enabled. These...

View Article
Browsing latest articles
Browse All 23 View Live