iThemes Security 5.3.6 Security Fix
Recently, around April 19th, 2016, iThemes Security was patched against a vulnerability discovered by our team: a missing capability check that allowed any member with any role to perform an Administrator action.
htmltowordpress.io was vulnerable to PHP code execution through an HTML file. It's now fixed; let's have a look at what happened.
BJ Lazy Load is a plugin that defers image loading, available for free on the official WordPress repository, and it uses TimThumb. On September 1st, 2015, we did some research on lazy loading plugins and discovered that this plugin, BJ Lazy Load v0.7.5, was using an outdated version of TimThumb, this famous script which is still responsible for […]
Redux Framework is a code structure script that lets you easily create good-looking option pages and add its own features. Versions before 3.5.6.8 are affected by a privilege escalation flaw. The scenario for the exploit is not mainstream; here are the requirements: using a theme with Redux Framework, using a plugin with Redux Framework, having a user with a role […]
WPML contains an XSS flaw since v2.9.3
This website is edited by 21(douze).