According to an article on the Sucuri blog today, there is an extremely widespread security vulnerability in many WordPress plugins. The vulnerability seems to be the result of a breakdown in communication, where developers expected a set of core WordPress functions to do one thing, when it actually does another. Essentially, most plugin developers (including those […]
Major Drupal Vulnerability
A major exploit in Drupal 7, allowing SQL injection, was reported a few weeks ago. Many security blogs are reporting that all Drupal systems that are running v7 should consider themselves potentially exploited, unless they patched their system on or before October 15 (when the vulnerability was reported). For those of us that constantly hear […]
Potential Cross-Site Scripting Vulnerability in jQuery Scripts
A few days ago, Eric A Mann posted an article explaining a potential XSS vulnerability in various jQuery scripts. The basic premise is that a very common coding practice in jQuery (checking to see if an element exists before trying to use it) could lead to an XSS attack. Essentially, if you use jQuery to […]