This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. …| WPScan
A shell finder is a type of reconnaissance tool that is used by threat actors to identify websites that have already been compromised and contain backdoor shells. A backdoor shell is a form of malw…| WPScan
A few weeks ago, an SQL injection was discovered in the TI WooCommerce Wishlist plugin. After checking more closely, we found another entry point, affecting over 100,000 active installs. Despite the severi…| WPScan
During a routine audit of various WordPress plugins, we identified some issues in Profile Builder and Profile Builder Pro (50k+ active installs). We discovered an Unauthenticated Privilege Escalati…| WPScan
During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attacke…| WPScan
Which website security tools are really necessary for your site? What to consider before investing in new software. 10 must-have tools you can’t skip.| WPScan
7 factors for choosing the best vulnerability scanner. Top options compared on features, pros, cons, & pricing. 5 things that make a great scanner| WPScan
Recently while covering malware campaigns exploiting the LiteCache and WP-Automatic WordPress plugins, we found that attackers were installing php-everywhere, a plugin that allows users to run arbi…| WPScan
If you’ve recently encountered the admin user wpsupp-user on your website, it means it’s being affected by this wave of infections. Identifying Contamination Signs: The malware typicall…| WPScan
A few weeks ago a critical vulnerability was discovered in the plugin WP-Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauth…| WPScan
What tools do you really need to secure a website? How to stay on budget without compromising. The most serious threats and vulnerabilities.| WPScan
Are your systems vulnerable? Everything you need to know about SQL injection attacks. See examples and learn how to detect and prevent them.| WPScan