Category Archives: Security

WooCommerce PayPal Object Injection

The fine people at Woo have released a security patch for WooCommerce, fixing a vulnerability in their PayPal notification system. The vulnerability affects WooCommerce 2.0.20 – 2.3.10 when a “PayPal Identity Token” is set. It allows attackers to remotely execute … Continue reading

Posted in General, Security

Genericons XSS Vulnerability & WordPress 4.2.2

An XSS vulnerability has been found in Genericons. Specifically, Genericons includes a file called example.html that is vulnerable to a DOM-based (Document Object Model) attack. Any WordPress plugin or theme that includes this file … Continue reading

Posted in Security

White Label CMS Vulnerability

A vulnerability has been found in White Label CMS, up to version 1.5.2. The vulnerability makes it possible to inject malicious code into websites, by tricking a site administrator into clicking a specially crafted URL. A fix has been released … Continue reading

Posted in General, Security

WordPress Security Update

An important security update was released today for WordPress. Version 4.1.2 fixes several vulnerabilities that could allow users to compromise your site. WordPress versions 4.1.1 and earlier are vulnerable, and should be updated to the latest version of WordPress as … Continue reading

Posted in General, Security

iThemes Security: Critical Security Release

iThemes have released an important security fix for their iThemes Security Plugin. This release fixes an XSS issue, which allowed potentially dangerous JavaScript to be executed while viewing the iThemes Security 404 error logs. iThemes have backported the security fix to past versions, … Continue reading

Posted in General, Security