A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs. WordPress developers are encouraging users of the content management system to apply ...

A handful of vulnerabilities have been identified in WSO2 Identity Server that could lead to takeover, firewall bypass, and potentially open subsequent internal servers up to further attacks. A ...

The Ninja Forms WordPress plugin harbored a severe security flaw that could be used for website takeover through the creation of new administrator accounts. Ninja Forms is a drag-and-drop contact form ...

Researchers from Princeton University today revealed their discovery of four major Websites susceptible to the silent-but-deadly cross-site request forgery (CSRF) attack -- including one on ...

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...

IBM today will release a new version of the Watchfire AppScan vulnerability scanning tool that can test for the pervasive cross-site request forgery (CSRF) vulnerability found in many Web applications ...

TikTok has patched a reflected XSS security flaw and a bug leading to account takeover impacting the firm's web domain. Reported via the bug bounty platform HackerOne by researcher Muhammed "milly" ...

The U.S. Government National Vulnerability Database published warnings of multiple vulnerabilities affecting WordPress. There are multiple kinds of vulnerabilities affecting WordPress, including a ...