Author Archives: Mark George

WooCommerce PayPal Object Injection

The fine people at Woo have released a security patch for WooCommerce, fixing a vulnerability in their PayPal notification system. The vulnerability affects WooCommerce 2.0.20 – 2.3.10 when a “PayPal Identity Token” is set. It allows attackers to remotely execute …

Posted in General, Security

White Label CMS Vulnerability

A vulnerability has been found in White Label CMS, up to version 1.5.2. The vulnerability makes it possible to inject malicious code into websites, by tricking a site administrator into clicking a specially crafted URL. A fix has been released …

Posted in General, Security

iThemes Security: Critical Security Release

iThemes have released an important security fix for their iThemes Security Plugin. This release fixes an XSS issue, which allowed potentially dangerous JavaScript to be executed while viewing the iThemes Security 404 error logs. iThemes have backported the security fix to past versions, …

Posted in General, Security

Vulnerability in WP-Slimstat Plugin

A vulnerability has been found by Sucuri in the WP-Slimstat plugin, which affects all versions up to 3.9.5. The vulnerability may allow attackers to inject SQL commands into your database, allowing them to make arbitrary changes. If you use the WP-Slimstat plugin, we …

Posted in General, Security

FancyBox for WordPress Vulnerability

A vulnerability has been discovered in most versions of the Fancybox-for-WordPress plugin. This vulnerability makes it possible for attackers to inject malicious code into affected sites. If you’re using this plugin, you should immediately upgrade to the latest version. Our security scanner …

Posted in General, Security