Maybe your client’s site got hacked, it’s time for a security checkup, or you’re tired of telemarketers terrorizing your phone lines with the vulnerabilities sales pitch. Despite the hype, the threat is real. WordPress makes up 90% of hacked CMS sites, reports ZDNet the CBS-owned technology news site. It’s doubly dangerous when your client’s business …
Continue reading “3 Ways to Prepare for WordPress Website Malware in 2020”
Your Guide to Hacked WordPress Repair If you run a website, you have to be prepared for the reality that it could be hacked at some point. Dealing with a hacked website can be stressful, and when it’s a WordPress site specifically, it can be even more frustrating because repairs won’t be the same as …
Continue reading “Your DIY Guide to Hacked WordPress Repair”
Hacked Website Repair: What You Should Know If your website is hacked, you may find yourself in a situation where you aren’t sure what to do or who to call. The good news is that there is no need to panic. Help is available and there are even some things that you can do yourself …
Continue reading “Hacked Website Repair: What You Should Know”
When a plain-text password form field is found by Google Chrome, it will reveal all passwords on that primary domain. For example, take a look at the following code and screenshot: <input class=”form-control secure_password required password fs-hide” data-install-name=”secureli” id=”ftp_user_pass_new” required=”required” aria-required=”true” autocomplete=”new-password” type=”text” name=”ftp_user[pass]”> By checking the “Show Password” button, as shown below… …the auto-complete …
Continue reading “Password Leak – Version 76.0.3809.132 (Official Build) (64-bit)”
— samples/bootstrap/js/bootstrap.min.js – bootstrap 3.3.7 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: …
— samples/bootstrap/js/bootstrap.min.js – bootstrap 3.0.2 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of tooltip/popover, CVE: CVE-2019-8331; https://github.com/twbs/bootstrap/issues/28236 severity: medium; issue: 20184, summary: XSS in data-target property of scrollspy, CVE: CVE-2018-14041; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: 20184, summary: XSS in collapse data-parent attribute, CVE: CVE-2018-14040; https://github.com/twbs/bootstrap/issues/20184 severity: medium; issue: …
https://github.com/CachetHQ/Cachet version v2.3.18 — public/dist/js/all.933ef52c701c02556f3b7fa32b0d5f5d.js – jquery 2.2.4 has known vulnerabilities: severity: medium; issue: 2432, summary: 3rd party CORS request may execute, CVE: CVE-2015-9251; https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium; CVE: CVE-2015-9251, issue: 11974, summary: parseHTML() executes scripts in event handlers; https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in …
Continue reading “Open Source Dependency Vulnerability – Cachet Version v2.3.18”
/work/OSD/repo/upload/admin/view/javascript/ckeditor/ckeditor.js ↳ ckeditor 4.9.1 has known vulnerabilities: severity: medium; summary: XSS if the enhanced image plugin is installed; https://ckeditor.com/blog/CKEditor-4.9.2-with-a-security-patch-released/ https://ckeditor.com/cke4/release-notes severity: medium; summary: XSS vulnerability in the HTML parser; https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/ https://snyk.io/vuln/SNYK-JS-CKEDITOR-72618 /work/OSD/repo/upload/admin/view/javascript/jquery/jquery-3.3.1.min.js ↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, …
Continue reading “OpenCart v3.0.3.2 Multiple Open Source Dependency Vulnerabilities”
Located in /public/js/app.js ↳ jquery 3.3.1 has known vulnerabilities: severity: low; CVE: CVE-2019-11358, summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution; https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
An open-source dependency vulnerability affects WPEngine’s PHPCompat module on https://github.com/wpengine/phpcompat /src/js/handlebars.js ↳ handlebars.js 4.0.3 has known vulnerabilities: severity: high; summary: A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template; https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692 https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86 severity: high; summary: A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template; …
Continue reading “WPEngine Open-Source Dependency Vulnerability”