WPScan - WordPress Security
@_WPScan_
Followers: 8K | Following: 1K | Media: 108 | Statuses: 4K
With our very own WordPress vulnerability database, WPScan is the leading software for WordPress security scanning.
Global
Joined July 2012
Our researchers found a Pre-Auth Object Injection vulnerability in the SEOPress plugin (300k+ active installs). It was fixed in the recent 7.9 update. Make sure to update now! #wordpress #security
https://t.co/Mor1Qwvc0V
wpscan.com
During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attacke…
Thank you WPScan'ers for your trust! We're sending holiday cheer to you and your family. ☃️
Our researchers found a Pre-Auth Stored XSS vulnerability in the WP Go Maps plugin (formerly known as WP Google Maps, 400k+ active installs). It was fixed in the recent 9.0.28 update. Make sure to update now! #wordpress #security
https://t.co/m0IWVsc7vs
wpscan.com
During an analysis of the WP Go Maps plugin (formerly WP Google Maps), we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they hav…
Our researchers found a Pre-Auth Stored XSS vulnerability in the Popup Builder plugin (200k+ active installs). It was fixed in the recent 4.2.3 update. Make sure to update now! #wordpress #security
https://t.co/h9O5MSOHXP
wpscan.com
During an analysis of the Popup Builder plugin, we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they have an account on the sit…
Our researchers found a serious SQL Injection vulnerability in the WP Fastest Cache plugin. It was fixed in the recent 1.2.2 update. Make sure to update now! https://t.co/Dk6m1ciEGd
#wordpress #security
wpscan.com
During an internal review of the WP Fastest Cache plugin, the WPScan team discovered a serious SQL injection vulnerability. This vulnerability may allow unauthenticated attackers to read the full c…
URGENT: Active Hacking Campaign Targeting WordPress Plugin 'Royal Elementor Addons' (200,000+ active installs). Update to 1.3.79 ASAP! For more info: https://t.co/k5fpZrUHAb
#wordpress #security
wpscan.com
During an investigation of a series of websites being actively compromised, we noticed the constant presence of the Royal Elementor Addons and Templates plugin installed. And all sites had at least o…
Our researchers found an RCE gadget chain in WordPress Core. Fortunately, it was fixed in the recent 6.3.2 update. Here's how it worked: https://t.co/CSvE72xbzM
#wordpress #security
wpscan.com
During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability occurring inside an INSERT statement, meaning atta…
Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2 #wordpress #security
https://t.co/O0WPi4Y0aL
wpscan.com
During a thorough analysis of WordPress’ internals, we discovered a subtle bug that allowed unauthenticated attackers to discern the email addresses of users who have published public posts o…
URGENT: Active Hacking Campaign Targeting #WordPress Plugin 'Ultimate Member' (200,000+ active installs). We strongly recommend disabling this plugin immediately until a patch is released that fixes the vulnerability. For more info:
Are you attending WordCamp Europe in Athens? We'd love to see you and talk security! Please come find the WPScan team at the Jetpack booth at WCEU. #WCEU #WordPress #security
WordPress VIP Integrates WPScan to Flag Potential Vulnerabilities with Major Sites Before They Go to Production https://t.co/VRPNtZcUG9
Uncovering a PHAR Deserialization Vulnerability in WP Meta SEO and Escalating to RCE https://t.co/Rd7KBE9khf
WP Engine’s Security Team Creates Custom Workflow with WPScan to Protect Clients
What is a brute force attack? https://t.co/yRufdPeBEY
Thanks @HackingArticles for sharing the WPScan Cheat Sheet.
Wpscan Cheat Sheet @_WPScan_
https://t.co/iJOswFpbpK
#infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #infosecurity #cyberattacks #security #linux #wordpress #bugbounty #bugbountytips
WordPress Black Box Testing Basics https://t.co/gL6WjMe0bm
Fake plugin affecting WordPress sites https://t.co/QOTmnCVBUp
Protecting your WordPress website against SQL injection attacks https://t.co/p4Ium5kYxH
wpscan.com
If you own a WordPress website, then chances are you’ve heard of SQL injections in WordPress. These malicious attacks can wreak havoc on your website and leave it vulnerable to hackers. Fortunately…