Archive for 'WordPress'

National Bank of Greece phishing e-mail

A new phishing e-mail is on the run, claiming to be from nbg.gr (National Bank of Greece), requesting to click on a link in order to have credit and debit card changed and personal info updated.
Needless to say once again that you should never click on such links, there is no bank in the world that will request personal information through e-mail and not prompt you logging into your web banking account with your credentials and token (if available). …

Continue Reading →
0

Recaptcha WordPress Plugin Cross Site Scripting Vulnerability

Vulnerable Systems:
* Recaptcha WordPress Plugin
The WordPress Recaptcha Plugin “integrates reCAPTCHA antispam methods with WordPress including comment, registration, and email spam protection”.
This advisory describes multiple Stored Cross Site Scripting (XSS) vulnerabilities and one Cross Site Request Forgery (CSRF) vulnerability on the plugin. As a result, an attacker can gain elevated access privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the WordPress administrator user. Furthermore, the attacker …

Continue Reading →
0