Last month I discovered a critical SQL injection vulnerability in the no-longer-developed yet still actively used Cart66 Pro plugin for WordPress. Here are the details …
DNS and Cross-Site Scripting
One of the first things on any security auditor’s list is checking to see if a site is vulnerable to cross-site scripting (XSS).
Why Showing The WordPress Username Is A Security Risk
There have been a handful of discussions lately surrounding WordPress and usernames – particularly whether or not exposing usernames is a security risk.
The consensus appears to be “no.” I beg to differ.
Web Requests and Data Leakage
Even if your site is browsed over HTTPS, it can be insecure if any assets (images, scripts, styles) are transferred over an HTTP connection. This will trigger a “mixed content” warning in the browser that many will brush off as unimportant. The warning can be a major issue for some sites, though, and I want to explain why.