Web Flaws and Vulnerabilities

Flaws and vulnerabilities are constantly being found on the web. It's important to stay informed to avoid some nasty surprises when you own a website. Find out about some famous flaws, their impact, their discovery and the patches created to fix them.

Blog Web Flaws and Vulnerabilities
Web Flaws and Vulnerabilities

Widget Logic and the undesired JavaScript injection

October 12, 2024 0 comments

Timothée Allemmoz reported on the WordPress France Community Slack  that the Widget Logic plugin seemed to be hijacked. Let see this together. (TL;DR It’s infected but I’ll give you a solution to keep it!)

Read more
Web Flaws and Vulnerabilities

Anatomy of a Shortcode with its Flaws

February 13, 2024 0 comments

During my research in free extensions, or during code audits ordered by customers, I find from time to time things so simple to correct and yet so devastating that I wanted to show you one, a beautiful one.

Read more
Web Flaws and Vulnerabilities

iThemes Security < 7.9.1 – Hide Backend ByPass

April 21, 2021 0 comments

iThemes Security is a know security plugin in the WordPress community since years. One week ago we discovered a security issue in their “Hide Backend” module, leaking the hidden login page. This ByPass Vulnerability has been patched in 7.9.1, update it if you’re using it.

Read more
Web Flaws and Vulnerabilities

WordPress Security, a response to Yoast

June 10, 2020 0 comments

This post is a response to Yoast at https://yoast.com/wordpress-security/. Yoast is a SEO company in the WordPress ecosystem since 10 years now. They are professionals without any doubts, but for SEO purposes, not for Security. After my read on that particular and recent post from them, I had to answer and fix the issues. Some […]

Read more