Security News

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail.

The bug was fixed at least a month ago so users receiving dynamic email content have one less thing to worry about.

The issue in the Rich Reviews plugin is being actively exploited.

Sites that use Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.

WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches.

The WordPress plugin Facebook Widget (Widget for Facebook Page Feeds), which was recently closed on the WordPress plugin directory, is affected by an authenticated persistent Cross-Site Scripting...

Google's throwing in the towel on XSS Auditor and putting its trust in Trusted Types instead.

Bug Hunter Sam Curry's Find Left Tesla Slightly Red Faced
Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam...

A researcher has earned $10,000 from Tesla after discovering a stored cross-site scripting (XSS) vulnerability that could have been exploited to obtain — and possibly modify — vehicle information....

A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.