Web Flaws and Vulnerabilities

Handle the ReDoS (Regular Expression Denial of Service), or Evil Regex

November 4, 2025

You know I spend my time dissecting vulnerabilities, whether they’re simple or require a twisted mind to cause harm. Today, we’re talking about a sneaky attack—a simple coding mistake. Buckle up, because we’re diving into ReDoS, the nightmare of regular expressions (Regex) for developers.

SecuPress

SecuPress v2.4 aka Midas

October 8, 2025

A major update, version 2.4, just two months after 2.3—that’s not bad. It’s less intimidating than the previous one. The changelog is short, and the risk of seeing a 2.4.20 version is very low. Let’s see what this new feature is and why it was added precisely.

Web Flaws and Vulnerabilities

Widget Logic and the undesired JavaScript injection

October 12, 2024

Timothée Allemmoz reported on the WordPress France Community Slack that the Widget Logic plugin seemed to be hijacked. Let’s see this together. (TL;DR It’s infected but I’ll give you a solution to keep it!)

Web Flaws and Vulnerabilities

Anatomy of a Shortcode with its Flaws

February 13, 2024

During my research in free extensions, or during code audits ordered by customers, I find from time to time things so simple to correct and yet so devastating that I wanted to show you one, a beautiful one.
