xxs


WooCommerce is a free eCommerce plugin for WordPress. It has been downloaded over 1 million times and over 30% of all online stores are now powered by WooCommerce. I recently discovered that WooCommerce is vulnerable to a cross-site scripting (XSS) attack. This XSS vulnerability is caused because the WooCommerce tax rates setting incorrectly processes user-supplied data. Remote attackers are tricking WooCommerce administrators into uploading a malicious CSV file that claims to provide required tax rate data for a particular country or region...
by Zhouyuan Yang  |  Dec 16, 2016  |  Filed in: Security Research
With over 12 million downloads, Photo Gallery is one of the most popular WordPress plugins; users should be sure to upgrade to the latest version. FortiGuard Labs disclosed a vulnerability today in the WordPress Photo Gallery plugin that could potentially be used to gather information from system administrators. With over 100,000 active installations and robust photo management and editing tools, this particular cross-site scripting vulnerability has significant security implications across the many retail, media, and other WordPress-driven websites...
by Aamir Lakhani  |  Mar 20, 2015  |  Filed in: Security Research
A few months ago, Tinba’s source code was leaked in the wild. It is now inevitable that a different and enhanced version of it is out there. Tinba, also known as Tiny Banker, made its debut a couple of years ago. Though it is small, it is capable of doing what its big brothers can do. For more details on some of its features, you can read my article posted on Virus Bulletin.

64-bit Injected Code

As expected, we have seen some new changes added to the original malware. Tinba is now capable of injecting its code into a 64-bit running process. The...
by Raul Alvarez  |  Oct 06, 2014  |  Filed in: Security Research