WordPress Content Cards Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports PHP and MySQL server set up a personal blog site.Content Cards plugin is used in one of the website link embedded plug-ins. A cross-site scripting vulnerability exists i...

Sucuri: Usage of HTTP for exporting graph data as images

Whenever a user of waf.sucuri.net exports his reports graph data as a png, an unencrypted request is sent over to export.highcharts.com. This enables a mitm-able attacker to sniff and|or replace exported image. Also, the whole practice of offloading potentially private user data to an unrelated...