Cross-site request forgery (CSRF) Archives

Pierluigi Paganini May 01, 2020

Over 800K WordPress sites are at risk due to a flaw in Ninja Forms plugin

The development team oh the Ninja Forms WordPress plugin fixed a high severity security flaw that can let attackers take over websites. The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Ninja Forms is a drag and drop form builder plugin […]

Pierluigi Paganini March 27, 2020

A missing authorization check in WordPre WPvivid plugin that can lead to the exposure of the database and all files

Researchers warn of a security flaw recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. WebARX experts warn of a missing authorization check recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. “There is a missing […]

Pierluigi Paganini December 03, 2015

3G/4G modems continue to be vulnerable

Researchers have conducted a series of tests on popular 3G/4G mobile modems (data dongles) and routers discovered an impressive number of serious flaws. Sometimes old news came back threatening our cyber security, all because 3G/4G dongles keep in being as vulnerable as they were in the past. In the last report issued by the SCADA […]

Pierluigi Paganini December 16, 2013

Advanced Power hits Firefox Users to conduct vulnerability scanning

KrebsOnSecurity has discovered an unusual botnet that disguises itself as a legitimate add-on for Mozilla Firefox to perform website vulnerability scanning. Krebson security blog posted an interesting article on a new concerning botnet infected more than 12,500 systems disguises itself as a legitimate add-on for Mozilla Firefox to hack websites on a large scale. The botnet, […]

Pierluigi Paganini November 23, 2013

Hacking Google Gmail accounts exploiting password reset system flaw

Security researcher Oren Hafif demonstrated how to hack a Google Gmail account exploiting a serious flaw in the password reset process. A serious vulnerability in the password reset process of Google account allows an attacker to hijack any account, this is the sensational discovery made by security researchers Oren Hafif. “that password recovery is often in […]