#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

wordpress update | Breaking Cybersecurity News | The Hacker News

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

Nov 07, 2018
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the unpatched websites. WooCommerce is one the most popular eCommerce plugins for WordPress that helps websites to upgrade their standard blog to a powerful online store. WooCommerce powers nearly 35% of e-stores on the internet, with more than 4 million installations. Exploiting WooCommerce File-Deletion and WordPress Design Flaws The attack demonstrated in the following video takes advantage of the way WordPress handles user privileges and WooCommerce file deletion vulnerability, allowing an account with "Shop Manager" role to eventually reset administrator accounts' pass
WordPress Update Breaks Automatic Update Feature—Apply Manual Update

WordPress Update Breaks Automatic Update Feature—Apply Manual Update

Feb 09, 2018
WordPress administrators are once again in trouble. WordPress version 4.9.3 was released earlier this week with patches for a total 34 vulnerabilities, but unfortunately, the new version broke the automatic update mechanism for millions of WordPress websites. WordPress team has now issued a new maintenance update, WordPress 4.9.4 , to patch this severe bug, which WordPress admins have to install manually. According to security site WordFence , when WordPress CMS tries to determine whether the site needs to install an updated version, if available, a PHP error interrupts the auto-update process. If not updated manually to the latest 4.9.4 version, the bug would leave your website on WordPress 4.9.3 forever, leaving it vulnerable to future security issues. Here's what WordPress lead developer Dion Hulse explained about the bug: "#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human e
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Feb 09, 2024Static Code Analysis
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest security patches. However, in practice, developers often face a large amount of security work without clear prioritization - and miss a significant portion of the attack surface altogether. The primary issue arises from the detection and prioritization methods used by traditional Static Code Analysis (SCA) tools for vulnerabilities. These methods lack the organizational-specific context needed to make an informed scoring decision: the score, even if critical, might not  actually  be critical for an organization because its infrastructure works in a unique way - affecting the actual impact the vulnerability might have.  In other words, since these tools depend on a relatively naive methodol
Cybersecurity Resources