The WooCommerce Checkout Manager plugin has been reported by PluginVulnerabilities.com as vulnerable to arbitrary file upload. The flaw could be exploited by an unauthenticated remote attacker when the plugin's "Categorize Uploaded Files" option is enabled. In this case, the attacker could brute-force or guess an existing order ID number and execute arbitrary server-side script code on a WooCommerce website where the WooCommerce Checkout Manager plugin is active. Apparently, WooCommerce … [Read more...] about WooCommerce Checkout Manager 4.2.6 Vulnerability
0-day
Easy WP SMTP v.1.3.9 Hacked Fix
Easy WP SMTP 0-Day vulnerability
Easy WP SMTP is a very popular WordPress plugin that routes outgoing emails from a WordPress site to an SMTP server of choice. It is a great tool for resolving issues with email delivery. We have used it on many occasions with our client sites. It has 300,000+ active installs and is regularly updated. This is why it came as a shock when it was reported that the latest version of the plugin (1.3.9) had a serious security issue that led to a lot of sites being … [Read more...] about Easy WP SMTP v.1.3.9 Hacked Fix
0-day Vulnerability for Social Warfare WordPress plugin
Today, March 21st 2019, the Social Warfare plugin was removed from the WordPress.org repository due to a 0-day vulnerability in version 3.5.2 that allowed attackers to inject malicious JavaScript code into the plugin's social share links published on any site using it. **1st Update** https://twitter.com/warfareplugins/status/1108853377155375104 The Social Warfare plugin was patched only hours ago, so if you have any site using it you should either upgrade to version 3.5.3 or deactivate and remove it … [Read more...] about 0-day Vulnerability for Social Warfare WordPress plugin