Monthly Archives: February 2017

HackerOne Launches Free Community Edition for Non-Commercial Open Source Projects

HackerOne, the vulnerability coordination and bug bounty platform, has launched a new Community Edition for open source projects. The company is built around the notion that, “given enough eyeballs, all vulnerabilities are shallow.” HackerOne announced a $40 million round of funding earlier this month, which allows the company to expand its market and add new features to the platform. ...

Freemius Launches Insights for WordPress Themes

Freemius Insights has announced that its analytics service that was previously only available to WordPress plugins is now available for themes. The company was founded in 2015 by Vova Feldman and his team after discovering how much information is not available to developers who host plugins and themes on the official WordPress directories and marketplaces. Freemius Insights for Themes Freemius ...

32 Extremely Useful Tricks for the WordPress Functions File

All WordPress themes come with a powerful functions.php file. This file acts as a plugin and allows you to do lots of cool things on your WordPress site. In this article, we will show you some of the most useful tricks for your WordPress functions file. What is the Functions File in WordPress? The functions file, commonly known as functions.php, is ...

NextGEN Gallery Patches Critical SQL Injection Vulnerability

Slavco Mihajloski, security researcher at Sucuri, has discovered a critical SQL injection vulnerability in NextGEN Gallery, a popular WordPress plugin that’s active on more than a million sites. Mihajloski gives the vulnerability a 9 out of 10 on Sucuri’s DREAD scale. DREAD stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Each category receives a score between 0 and 10. ...

Linus Torvalds Shares Lessons from 25 Years of Open Source Project Maintainership, Decries Tech Innovation Hype

Linux creator Linus Torvalds joined Jim Zemlin, executive director of the Linux Foundation, on stage at the Open Source Leadership Summit for a candid conversation on maintaining open source projects. After 25 years of maintaining the Linux kernel, Torvalds has developed a network of trust that enables the project to iterate quickly with its 2.5 month release cycle. The current ...

SQL Injection Vulnerability in NextGEN Gallery for WordPress

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information. Are You at ...