This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code, and any code, even the most secure, can, with time, be used for nefarious actions. We ourselves find weaknesses in our code, internally and externally, and have to work […]
Tag Archives: disclosure
Advisory – Dangerous “nonce” leak in UpdraftPlus
Advisory for: UpdraftPlus
Security Risk: High
Exploitation level: Remote
DREAD Score: 7/10
Vulnerability: Privilege Escalation
Patched Version: 1.9.51

If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF), we detected a “nonce” leak vulnerability that could allow a malicious actor […]
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required). The vulnerability was disclosed to the plugin developer a few weeks ago, […]