-
Reducing Disk Load in High-Traffic PHP Applications: Switching from SQLite to Redis for Anti-Crawler Storage
Automated crawlers and scraping bots are a growing problem for modern websites. While search engine bots are useful, many other crawlers generate excessive traffic, scrape content, or overload servers. To help website owners control this type of traffic, we recently released the Anti-Crawler PHP Library by CleanTalk, an open-source tool designed to detect and limit
-
CVE-2023-4209 – POEditor < 0.9.8 - Settings Reset via CSRF
In our quest for a secure WordPress environment, a significant discovery has emerged. The POEditor plugin, a powerful translation tool, harbors a critical vulnerability. Prior to version 0.9.8, the absence of Cross-Site Request Forgery (CSRF) protection has exposed the plugin to potential manipulation by attackers. Main info: CVE CVE-2023-4209 Plugin POEditor Critical Medium Publicly Published…
-
CVE-2023-4023 – All Users Messenger <= 1.24 - Subscriber + Message Deletion via IDOR
In a recent round of intensive plugin testing, a concerning security flaw has come to light. The All Users Messenger plugin, a widely used communication tool for WordPress, harbors a significant Insecure Direct Object Reference (IDOR) vulnerability. Main info: CVE CVE-2023-4023 Plugin All Users Messenger Critical Medium Publicly Published August 7, 2023 Last Updated August…
-
CVE-2023-4035 – Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
In our recent in-depth security analysis of the widely used Simple Blog Card plugin for WordPress, a concerning vulnerability has come to light. Versions prior to 1.31 have a critical flaw, leaving your website exposed to potential Stored Cross-Site Scripting (XSS) attacks! Main info: CVE CVE-2023-4035 Plugin Simple Blog Card Critical High Publicly Published August…
-
CVE-2023-3720 – Upload Media By URL < 1.0.8 - Stored XSS via CSRF
During a thorough security assessment of the Upload Media By URL plugin for WordPress, a concerning medium-level vulnerability has been uncovered in versions prior to 1.0.8. This vulnerability poses a significant risk to your website’s security and calls for immediate action! If exploited, this vulnerability allows attackers to potentially upload files containing malicious code directly…