The xpinner-lite plugin through 2.2 for WordPress has wp-admin/options-general.php CSRF with resultant X

The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS.

The wp-piwik plugin before 1.0.5 for WordPress has XSS.

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_keywords XSS.

The neuvoo-jobroll plugin 2.0 for WordPress has neuvoo_location XSS.

The websimon-tables plugin through 1.3.4 for WordPress has wp-admin/tools.php edit_style id XSS.

The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection.

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.ph-p type SQL injection.

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php gcid SQL injection.

The gocodes plugin through 1.3.5 for WordPress has wp-admin/tools.php deletegc XSS.

The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto--thickbox-plus/downlo

The users-ultra plugin before 1.5.64 for WordPress has SQL Injection via an ajax action.

The users-ultra plugin before 1.5.63 for WordPress has CSRF via action=package_add_new to wp-admin/admin

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter.

The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter.

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim--mp3/source/pages.php-?id

The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/s

The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage op

The quotes-and-tips plugin before 1.20 for WordPress has XSS.

The relevant plugin before 1.0.8 for WordPress has XSS.

The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or sing

The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter.

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-m

The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=tru

The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only k

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the ol

An Ohio teen who recruited a convicted serial swatter to fake a distress call that ended in the police s

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly cease

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor t

A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role i

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time an

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct,

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Manageme

PerCSoft, a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of

It’s less expensive to prevent cyber attacks than it is to repair the damage when they happen. C

Photo by Katie Moum on Unsplash Cybercrime is global, but the response isn’t. Governments i

Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful informa

These days it seems that every time you open your favorite news source there is another data breach

This spring, as the product and security operations teams at AT&T Cybersecurity prepared for the l

   

This past June, I attended the 2019 Bitcoin Conference in San Francisco, CA. With the various discussi

As technological developments have helped turn the world into a global village, they have also made

Julia Solonina Britain should be prepared for a Category 1 cyber security emergency, accordin

Every year we survey visitors to our booth at Black Hat about trending topics. This year, we asked abo

Sir Tim Berners-Lee invented the World Wide Web in 1989, and then it became available to the genera