Articles

My InfoSec Story

Over time, I have received multiple messages in social media platforms such as Twitter and LinkedIn, and here on my website, asking me for advice/tips on getting started in the Cybersecurity field. Much of the confusion about getting started in this...

Stored XSS Vulnerability found in Nagios Log Server

On testing the popular log monitoring and management application, Nagios Log Server version 2.1.6 (latest at the time of testing), I found that it is vulnerable to Stored XSS attacks. CVE-2020-16157 Summary Nagios Log Server is a popular Centralized...

Sensitive Data Exposure in Journal OpenCart Theme

During the audit on an OpenCart website belonging to one of our Astra customers, Journal theme version 3.0.46 and below were found to expose sensitive data through SQL errors at a vulnerable endpoint. Journal version 3.1.0 fixing the issue was...

What’s on my .htaccess?

Some of the security issues commonly seen on a website can be taken care of using the .htaccess (hypertext access) file. In this article, I am gonna be showing the .htaccess configuration from my WordPress website and explain the security issues...

Stored XSS Vulnerability found in WPForms Plugin

WPForms Plugin version 1.5.8.2 and below were found to be vulnerable to authenticated stored XSS while I was auditing the plugin. WPForms version 1.5.9 with improved data sanitization was released on March 5, 2020. CVE-2020-10385 Summary WPForms is...

CSV Injection in Export Users to CSV Plugin

Export Users to CSV is a WordPress plugin that allows website owners/admins to export users list and metadata in a CSV file. While testing the plugin, I was able to find that it is vulnerable to CSV Injection. CSV Injection, also known as Formula...

Cross-Site Request Forgery in Tutor LMS Plugin

While testing the popular WordPress LMS plugin, Tutor LMS, for one of Astra‘s clients, I was able to find that the plugin is vulnerable to Cross-Site Request Forgery (CSRF). All WordPress websites using Tutor LMS version 1.5.2 and below are...