Persistent XSS Vulnerability in WordPress 4.2.2

A few months back, Sucuri reported a dangerous security vulnerability found in WordPress 4.2.2. The patch was released with WordPress 4.2.4, which fixed a total of 6 security vulnerabilities. Details of the vulnerability: The vulnerability was initially reported by Sucuri to the WordPress security team on May 6th, 2015, and was fixed with the […]

Object Injection Vulnerability in WooCommerce


Sucuri found an Object Injection vulnerability in WooCommerce that an attacker can use to download any file on the vulnerable server. The vulnerability is present only in websites running a WooCommerce version earlier than 2.3.11, which contains the patch, and only when the “PayPal Identity Token” option is set. Depending on the environment the website is […]

SweetCAPTCHA distributes Adware

SweetCAPTCHA is a free service that offers good-looking images instead of the classic captchas made of cryptic digits and characters. It is available for a number of platforms including WordPress, Drupal, and Joomla! Malicious scripts by SweetCaptcha: Sucuri, a well-known company that works on online security, reports that many websites using SweetCaptcha are affected by malicious popups […]