
WPScan - WordPress Security
@_WPScan_
Followers: 8K, Following: 1K, Media: 108, Statuses: 4K
With our very own WordPress vulnerability database, WPScan is the leading software for WordPress security scanning.
Global
Joined July 2012
Our researchers found a Pre-Auth Object Injection vulnerability in the SEOPress plugin (300k+ active installs). It was fixed in the recent 7.9 update. Make sure to update now! #wordpress #security.
wpscan.com
During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attacke…
Our researchers found a Pre-Auth Stored XSS vulnerability in the WP Go Maps plugin (formerly known as WP Google Maps, 400k+ active installs). It was fixed in the recent 9.0.28 update. Make sure to update now! #wordpress #security.
wpscan.com
During an analysis of the WP Go Maps plugin (formerly WP Google Maps), we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they hav…
Our researchers found a Pre-Auth Stored XSS vulnerability in the Popup Builder plugin (200k+ active installs). It was fixed in the recent 4.2.3 update. Make sure to update now! #wordpress #security.
wpscan.com
During an analysis of the Popup Builder plugin, we discovered a pretty serious Stored XSS vulnerability that can be exploited by any attackers, regardless of whether they have an account on the sit…
Our researchers found a serious SQL Injection vulnerability in the WP Fastest Cache plugin. It was fixed in the recent 1.2.2 update. Make sure to update now! #wordpress #security.
wpscan.com
During an internal review of the WP Fastest Cache plugin, the WPScan team discovered a serious SQL injection vulnerability. This vulnerability may allow unauthenticated attackers to read the full c…
URGENT: Active Hacking Campaign Targeting WordPress Plugin 'Royal Elementor Addons' (200,000+ active installs). Update to 1.3.79 ASAP! For more info: #wordpress #security.
wpscan.com
During an investigation of a series of websites being actively compromised we noticed the constant presence of the Royal Elementor Addons and Templates plugin installed. And all sites had at least o…
Our researchers found an RCE gadget chain in WordPress Core. Fortunately, it was fixed in the recent 6.3.2 update. Here's how it worked: #wordpress #security.
wpscan.com
During a recent team gathering in Belgium, we had an impromptu Capture The Flag game that included a challenge with an SQL Injection vulnerability occurring inside an INSERT statement, meaning atta…
Email Leak Oracle Vulnerability Addressed in WordPress 6.3.2. #wordpress #security.
wpscan.com
During a thorough analysis of WordPress’ internals, we discovered a subtle bug that allowed unauthenticated attackers to discern the email addresses of users who have published public posts o…
URGENT: Active Hacking Campaign Targeting #WordPress Plugin 'Ultimate Member' (200,000+ active installs). We strongly recommend disabling this plugin immediately until a patch is released that fixes the vulnerability. For more info:
Are you attending WordCamp Europe in Athens? We'd love to see you and talk security! Please come find the WPScan team at the Jetpack booth at WCEU. #WCEU #WordPress #security
Thanks @HackingArticles for sharing the WPScan Cheat Sheet.
Wpscan Cheat Sheet. @_WPScan_. #infosec #cybersecurity #cybersecuritytips #pentesting #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #infosecurity #cyberattacks #security #linux #wordpress #bugbounty #bugbountytips
Protecting your WordPress website against SQL injection attacks.
wpscan.com
If you own a WordPress website, then chances are you’ve heard of SQL injections in WordPress. These malicious attacks can wreak havoc on your website and leave it vulnerable to hackers. Fortunately…