Dark Reading

CSRF Attacks Get New PoC Creation Tool

Cross site request forgery (CSRF) is a powerful attack that can have devastating consequences. It's not a new attack, but new tools are released every year because Web developers don't always write ...
Searchenginejournal.com

Inspiro WordPress Theme Vulnerability Affects Over 70,000 Sites

A vulnerability advisory was published for the Inspiro WordPress theme by WPZoom. The vulnerability arises due to a missing or incorrect security validation that enables an unauthenticated attacker to ...
Searchenginejournal.com

WordPress Redux Plugin Vulnerability Affects +1 Million Sites

Redux, a popular WordPress plugin with more than 1 million active installations recently patched a vulnerability. The vulnerability allowed an attacker to bypass security measures in a Cross-Site ...
Bleeping Computer

WordPress plugin bug lets hackers create rogue admin accounts

WordPress owners are advised to secure their websites by updating the Real-Time Find and Replace plugin to prevent attackers from injecting malicious code into their sites and creating rogue admin ...
Dark Reading

New Gmail Flaw Lets Attacker Control 'Change Password' Function

A researcher today released a proof-of-concept for a vulnerability he discovered in Google Gmail that lets an attacker change a Gmail user's password, wage a denial-of-service attack on the account, ...
Threat Post

Critical Flaws in Khan Academy Opened Door to Account Takeovers

The two critical cross-site request forgery flaws in the online learning non-profit Khan Academy have been resolved. Two critical cross-site request forgery (CSRF) flaws in educational non-profit Khan ...
Bleeping Computer

200K WordPress Sites Exposed to Takeover Attacks by Plugin Bug

A high severity cross-site request forgery (CSRF) bug allows attackers to take over WordPress sites running an unpatched version of the Code Snippets plugin because of missing referer checks on the ...