Disclosure: SQL Injection in Cart66 Pro
·
Last month I discovered a critical SQL injection vulnerability in the no-longer-developed yet still actively used Cart66 Pro plugin for WordPress. Here are the details …
vulnerability
-
-
DNS and Cross-Site Scripting
·
One of the first things on any security auditor’s list is checking to see if a site is vulnerable to cross-site scripting (XSS).
-
Why Showing The WordPress Username Is A Security Risk
·
There have been a handful of discussions lately surrounding WordPress and usernames – particularly whether or not exposing usernames is a security risk. The consensus appears to be “no.” I beg to differ.
-
Web Requests and Data Leakage
·
Even if your site is browsed over HTTPS, it can be insecure if any assets (images, scripts, styles) are transferred over an HTTP connection. This will trigger a “mixed content” warning in the browser that many will brush off as unimportant. The warning can be a major issue for some sites, though, and I want…