WordPress AI Plugins: Tell me a secret

In our previous blog ‘WordPress Plugins: AI-dentifying Chatbot Weak Spots’ (https://prisminfosec.com/wordpress-plugins-ai-dentifying-chatbot-weak-spots/) a series of issues was identified within AI-related WordPress plugins. Today, we will be looking at further vulnerability types within these plugins that don’t provide us with the same adrenaline rush as popping a shell, but clearly show how AI plugins are being rushed […]
WordPress Plugins: AI-dentifying Chatbot Weak Spots

AI chatbots have become increasingly prevalent across various industries due to their ability to simulate human-like conversations and perform a range of tasks. This trend is evident in the WordPress ecosystem, where AI chatbot plugins are becoming widely adopted to enhance website functionality and user engagement. Prism Infosec reviewed the security postures of several open-source […]
WordPress Plugins: Don’t Let Vulnerabilities Crash Your Site’s Party

Like many management systems, WordPress offers extensions to its core functionality that are created by the community and third-party providers. While these extensions are essential for the thriving WordPress ecosystem, the influx of new code introduces fresh vulnerabilities. Prism Infosec assessed several open-source extensions and found a number of issues that could pose a risk […]
Microsoft Outlook Elevation of Privilege Vulnerability (CVE-2023-23397)

Introduction to CVE-2023-23397: On the 14th of March, Microsoft released a security advisory detailing CVE-2023-23397, a privilege escalation vulnerability affecting various versions of Microsoft Outlook. The vulnerability has been assigned a CVSS:3.1 score of 9.8 (CRITICAL). The vulnerability allows a remote, unauthenticated attacker to access a victim’s Net-NTLMv2 hash by sending a tailored email to a compromised […]
Apache ‘Log4Shell’ Log4j (version 2) vulnerability (CVE-2021-44228)

Our teams are actively responding to the Log4Shell (or LogJam) 0-day threat which has been reported in the Apache Log4j 2 Java library and has been awarded a severity rating of 10 out of 10 by NIST. We are alerting customers to systems and services that may potentially be impacted and assisting with the investigation and remediation of any […]