WordPress Plugin Membership Simplified v1.58 – Arbitrary File Download

LFI, Uncategorized, Web Attacks, webdev

Today we will discuss poor development practices in WordPress plugins, with a key focus on WordPress Plugin Membership Simplified v1.58, which as of the time of this writing is not patched. The vulnerable script is as below: Meta data: Discovery: Larry W Cashdollar, WPVDB ID: 8777, CVE-ID: CVE-2017-1002008 Dork Standard stuff […]

Business Continuity Failures

Uncategorized, Web Attacks, webdev

Everyone loves good backup systems that ensure, in the event of anything, you are back to business ASAP. This, however, can be your biggest downfall if done wrong. As of yesterday (2014-10-09), the WordPress Ready! Backup plugin has this done wrong by breaking two rules of the web: logging the backup process to a web-viewable interface on […]