AppCheck Security Blog

WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).

read more

WordPress + Microsoft Office 365 / Azure AD | LOGIN Persistent Cross-Site Scripting

The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).

Read more

AppCheck Web Application Seminar November 2021 - LONDON

The Web Application Security seminar is a free event that presents a detailed analysis of the most common threats facing web applications today. We will review high profile examples and provide a technical breakdown of critical security flaws along with an introduction into emerging technologies.

Read more

Secarma Automated Testing Podcast - Nick Blundell

In this episode, Nick Blundell – Head of R&D at AppCheck speaks with Holly Grace Williams from Secarma about the pros and cons of vulnerability scanning, how hackers can enter weak systems and the need for a blended approach.

Read more

Apache 2.4.50 (CVE-2021-42013) & 2.4.49 (CVE-2021-41773) Remote Code Execution / Path Traversal Vulnerability

A previous version of this article recommended updating to 2.4.50 to address the vulnerability in 2.4.49, however the fix in 2.4.50 has been now been shown to be incomplete therefore it is recommended to update to 2.4.51.

Read more

Reflecting on AppCheck: Taylor-Mae Nash

We have taken on lots of new starters at AppCheck across all departments as we continue to enjoy a period of expansion. We sit down with Taylor-Mae, our Client Services Executive, and ask her how her first few months with AppCheck have gone.

Read more

OWASP Top 10 2021 Web Application Security Risks

Every few years the OWASP community come together to review the ten most critical web application security risks (commonly known simply as the “OWASP Top 10”) by analysing vulnerability data spanning hundreds of organisations and over 100,000 real world applications. This process was most recently performed in 2021 and a new, updated top 10 list published.

Read more

Security Advisory: Persistent XSS via Avatar Upload in Kentico CMS

The Kentico CMS (13.0.4001.0 Xperience platform version tested locally) is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS).

Read more

Reflecting on AppCheck: Chris McGreavy

We spoke to Chris McGreavy, our Service Delivery Lead about his first few months here at AppCheck

Read more

AppCheck & the OWASP Penetration Testing Checklist

The OWASP Penetration Testing Checklist is aimed at delivering a baseline standard against which potential vendor solutions can be assessed to ensure that a prospective web application security testing provider delivers a service that is sufficient

Read more

Umbraco Forms File Upload Vulnerability: Technical Analysis (CVE-2021-37334)

On the 15th of July 2021 Umbraco and AppCheck released a Security Advisory to alert users of a vulnerability within the Umbraco Forms component that could be exploited to gain remote code execution on the affected system.

Read more