The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.
The team has been working on putting together a new vulnerability research process. While creating this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider. We chose Testimonial Slider for no other reason than that it is a slider plugin, in light of the recent Revolution Slider exploit.
What Does Testimonial Slider Do?
Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.
Earlier this week, a remote code execution vulnerability in Magento, the eBay-owned free and paid eCommerce platform, was released. Security researchers chained together multiple smaller vulnerabilities to ultimately run arbitrary code on the server hosting Magento.
This is my first ever Christmas letter to you. I don’t like to ask for much, but I’m desperate. I’ve been a website for, gosh, going on three years now. Don’t get me wrong, I love my job. My owner’s great, new people visit me every day from all around the world, and my graphics are to die for. There’s never a dull moment, even when my owner is sleeping. Which of course, I never do.
But there’s a problem. My owner is so busy building the business, managing cash flow, and getting orders out the door, that she has little time for things like website security. Besides, she says she doesn’t have a technical background and doesn’t know much about cybersecurity.
And that has left me feeling, well, vulnerable. Which is not a good thing on the Internet when I’m completely exposed to so many strangers. But my owner really needs the website to showcase her work and generate online orders. And being blacklisted by the search engines would make her very upset. But I worry about what might happen if she doesn’t put everything else aside, just for a moment, and think about website security.
With that in mind, here are just a few things that I would absolutely love this year. Not really for me, but for my owner. I’m doing all this for her, which I think is a very unselfish act. So I hope you’ll do your best to get me as many things on my list as you can.
- First, I’d love someone to watch over me. I know where my weaknesses are, but my owner doesn’t, and she doesn’t have the time to guard me every second of the day. So a website security or monitoring service would be just great. Everyone can sleep easier and I’ll feel much less naked and vulnerable.
- A new password would be great. Would it be asking too much to ask for a new website password say, every three months? Maybe one with a number or two, or heaven forbid a special character!? That could significantly reduce the chances that hackers will guess or crack my password and have access to who knows what. And a strong, random, and well-protected password would be ideal. I mean, what good is a password if it doesn’t do its job very well? Not complaining or criticizing, just saying.
- This might be asking too much, but any chance you could help me get rid of this stuff I’m not using anymore? I feel so bogged down lately with all this old, outdated code and images that no one even uses. It takes every bit of my energy to just load a simple page. I know I could be so much faster and lighter with just a bit of a clean-up – I’ll be a whole new website, you’ll see!
- I don’t want to sound selfish, but could I ask for a little something else for myself? Nothing fancy, but I’ve worked so hard all year I think it would help my spirits and confidence as we get ready for yet another year. Patches. I’d like some patches, or updates. I am up to my gills in all kinds of third-party programs that the web designer thought would be so very cool to burden me with. But he’s easily distracted and he’s forgotten about most of them. Now at least half of them have serious and known vulnerabilities that have never been patched or updated.
Anyway, I hope I didn’t take up too much of your valuable time. And I hope you’ll see that what I’m asking for is not for me. I even know of a company that can help you with this. To make things easy, I’ll provide you with the number to SiteLock website security. It’s 855-378-6200. They’re available 24/7/365 to help!