Web Flaws and Vulnerabilities

Flaws and vulnerabilities are constantly being found on the web. It's important to stay informed to avoid some nasty surprises when you own a website. Find out about some famous flaws, their impact, their discovery and the patches created to fix them.


Altcha GDPR Compliant Captcha and Bot Protection <=2.2 Multiple Vulnerabilities

December 3, 2025

Altcha is a privacy-focused alternative to reCAPTCHA. This extension promises to eliminate tracking, cookies, and fingerprinting, offering robust, accessible, and globally compliant security without any complicated setup. Their service is 100% self-hosted, with no external requests or data sharing. You can find version 2 of this extension at https://github.com/altcha-org/altcha-wordpress-next/releases. This version 2 isn’t on wp.org […]


Handle the ReDoS (Regular Expression Denial of Service), or Evil Regex

November 4, 2025

You know I spend my time dissecting vulnerabilities, whether they’re simple or require a twisted mind to cause harm. Today, we’re talking about a sneaky attack—a simple coding mistake. Buckle up, because we’re diving into ReDoS, the nightmare of regular expressions (Regex) for developers.


Widget Logic and the undesired JavaScript injection

October 12, 2024

Timothée Allemmoz reported on the WordPress France Community Slack that the Widget Logic plugin seemed to be hijacked. Let's see this together. (TL;DR: It's infected, but I'll give you a solution to keep it!)


Anatomy of a Shortcode with its Flaws

February 13, 2024

During my research in free extensions, or during code audits ordered by customers, I find from time to time things so simple to correct and yet so devastating that I wanted to show you one, a beautiful one.


iThemes Security < 7.9.1 – Hide Backend ByPass

April 21, 2021

iThemes Security has been a known security plugin in the WordPress community for years. One week ago we discovered a security issue in their “Hide Backend” module, leaking the hidden login page. This bypass vulnerability has been patched in 7.9.1; update if you’re using it.
