WordPress Design Flaw Leads to WooCommerce RCE

6 Nov 2018 by Simon Scannell
WordPress

A flaw in the way WordPress handles privileges can lead to a privilege escalation in WordPress plugins. This affects, for example, WooCommerce, the most popular e-commerce plugin with over 4 million installations. The vulnerability allows shop managers to delete certain files on the server and then to take over any administrator account (CVE-2018-20714).

WordPress Configuration Cheat Sheet

31 Oct 2018 by Nils Werner

WordPress is the most frequently installed web application in the world. The system is operated not only by experienced developers but also by beginners. In this blog post, we summarize what to look out for when configuring your WordPress installation’s security.

What is PHP Object Injection

9 Oct 2018 by Simon Scannell

PHP Object Injections

A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how it works and how it can lead to a full site takeover by remote attackers.

Symfony Configuration Cheat Sheet

27 Sep 2018 by Nils Werner

Symfony is one of the most widely used PHP frameworks with many components and options. Our Symfony Configuration Cheat Sheet shows how to ensure a secure baseline for your framework in 10 steps.

Sync and Manage your Security Issues within Jira

13 Sep 2018 by Malena Ebert

RIPS JIRA Integration

We are excited to announce the release of our new Jira plugin. It allows you to synchronize security issues detected by RIPS with your existing Jira issues so you can track and collaborate on software bugs in a single place.
