A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have. This led to a Stored XSS and Object Injection in the WordPress core and more severe vulnerabilities in WordPress’s most popular plugins, Contact Form 7 and Jetpack. Impact – What can an attacker do … Continue reading WordPress Privilege Escalation through Post Types

If you’ve been following website security industry changes, you may know that the move by browsers to warn visitors of webpages served via HTTP as “Not Secure” has been in the works for a while. And, if you’re like most organizations, preparing for the inevitable has been dead last on your to-do list. Unfortunately, pretending … Continue reading Google Has Issued the Official Warning—Encrypt by July 1 or Else