Security News

Sites that use the Gutenberg (found in WordPress 5.0 to 5.2.2) are open to complete takeover.

WordPress developers on Thursday announced the availability of version 5.2.3, a maintenance and security release that includes 29 fixes and enhancements, along with several security patches. read more

The WordPress plugin Facebook Widget (Widget for Facebook Page Feeds), which was recently closed on the WordPress plugin directory, is affected by an authenticated persistent Cross-Site Scripting...

Google's throwing in the towel on XSS Auditor and putting its trust in Trusted Types instead.

Bug Hunter Sam Curry's Find Left Tesla Slightly Red FacedSoftware vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam...

A researcher has earned $10,000 from Tesla after discovering a stored cross-site scripting (XSS) vulnerability that could have been exploited to obtain — and possibly modify — vehicle information....

A cross-site scripting vulnerability in WordPress plugin WP Statistics could have enabled full website takeover.

A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.

A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to...

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.