Malicious JavaScript code can be injected into Popups Several security flaws have been uncovered in the Popup Builder plugin code. Currently, this plugin has more than 200,000 active installs. Many site owners are still unaware of the issue. This plugin is regularly updated and maintained by the authors. However, it took them 7 days to release the patched version of the plugin. Meanwhile, many sites were exploited by hackers and those using an outdated version of the plugin are still at risk. One of the vulnerabilities tracked as CVE-2020-10196, can be used to collect the list of subscribers. Apart from that, an attacker can gather … [Read more...] about The WordPress Popup Builder Vulnerability
Vulnerability
WooCommerce Checkout Manager 4.2.6 Vulnerability
The WooCommerce Checkout Manager has been reported by PluginVulnerabilities.com for being vulnerable in arbitrary file uploads. The exploit could be activated by an unauthenticated remote attacker when the plugin "Categorize Uploaded Files" option is enabled. In this case, the attacker cloud brute-force or guess an existing order id number and execute arbitrary server-side script code in the WooCommerce website with the active WooCommerce Checkout Manager plugin. Apparently, WooCommerce Checkout Manager vulnerability was caught by the WordPress repository review stuff which resulted in de-activating plugin's listing for wordpress.org. If … [Read more...] about WooCommerce Checkout Manager 4.2.6 Vulnerability
0-day Vulnerability for Social Warfare WordPress plugin
Today, March 21st 2019, Social Warfare plugin has been removed from WordPress.org repository due to a 0-day vulnerability for version 3.5.2 which allowed attackers to inject malicious Javascript code into plugin's social share links published on any site using it. **1st Update** https://twitter.com/warfareplugins/status/1108853377155375104 Social Warfare plugin was patched only hours ago so if you have any site using it you should either upgrade to version 3.5.3 or de-activate and remove it from your WordPress installation. The patched version is still pending approval in order to be published again under WordPerss.org rep[osiutory so if … [Read more...] about 0-day Vulnerability for Social Warfare WordPress plugin
Recent Memcached Exploit can lead to a DDoS Attack
What is Memached Memcached is a free and open source memory caching system which is using RAM to store small amounts of data objects(less than 1MB each) reducing database load significantly. Memcached Exploit Memcached versions before 1.5.6 had been exploited so misconfigured memcached servers could be used to start DDoS attacks. Attack was first reported by Cloudflare on Tuesday the 27th of February 2018 after noticing a significant increase in the number of DDoS attacks using UDP amplified by Memcached servers. Cloudflare proved that vulnerable memcached servers could response to a single request up to 51,200 times larger than the … [Read more...] about Recent Memcached Exploit can lead to a DDoS Attack