80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for WooCommerce,” installed across 80,000…

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On November 11, 2021…

Ethical Hacking, book review: A hands-on guide for would-be security professionals

Ethical Hacking: A Hands-on Introduction to Breaking In • By Daniel G Graham • No Starch Press • 376 pages • ISBN 9781718501874 • £41.99 / $49.99 The parlous…

WooCommerce Extension – Reflected XSS Vulnerability

WordFence – On November 1, 2021…

Is a Consolidated Approach Better for WAAP Security?

Most organizations and industries are shifting to a digital environment as it is where the future is headed. It seems the environment is in a frenzy, but if you look…

SSL certificate research highlights pitfalls for company data, competition

Research into how the enterprise handles and deploys security certificates has revealed risks to data that may be overlooked. On Thursday, the Detectify Labs team published a report based on…

Inside 1,602 pentests: Common vulnerabilities, findings and fixes

Infosec Institute – Each year, Cobalt releases its State of Pentesting report, which extracts trends and statistics about the state of security from penetration testing engagements on…

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

WordFence – On August 19, 2021,…

The Complete Guide to IoT Security and What Every Business Owner Needs to Know

We might feel that technology plays an enormous role in our lives, always with our eyes on our phones or turning on the TV right after we got home –…

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc. Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained…