Threat Post

WordPress Plugins Bogged Down with CSRF, XSS Vulnerabilities

A handful of bugs, mostly XSS and CSRF vulnerabilities, have been plaguing at least eight different Wordpress plugins as of late. A smattering of bugs, mostly cross-site scripting (XSS) and cross-site ...
Threat Post

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs. WordPress developers are encouraging users of the content management system to apply ...
Infosecurity-magazine.com

XSS is Most Rewarding Bug Bounty as CSRF is Revived

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...
Dark Reading

New Tool Eases CSRF Bug Discovery

If you think Cross-Site Request Forgery (CSRF) vulnerabilities aren't easy to find or exploit on your Website, think again. A researcher has released a tool that makes it easier to test sites for CSRF ...
ZDNet

Ninja Forms WordPress bug exposed over a million users to XSS attacks, website hijacking

The Ninja Forms WordPress plugin harbored a severe security flaw that could be used for website takeover through the creation of new administrator accounts. Ninja Forms is a drag-and-drop contact form ...
Dark Reading

CSRF Still Armed And Dangerous

While they may not pack the same punch or crop up at the same frequency as injection or cross site scripting attacks, cross site request forgery (CSRF) attacks should still be very much on the radar ...
Searchenginejournal.com

WordPress Cache Plugin Exploit Affects +1 Million Websites

Popular WordPress plugin WP Fastest Cache plugin was discovered by Jetpack security researchers to have multiple vulnerabilities that could allow an attacker to assume full administrator privileges.