Understanding CVE-2025-12367: Enhance Server Security The recent discovery of CVE-2025-12367 reveals a serious vulnerability in the SiteSEO plugin for WordPress. This flaw could grant unauthorized access to authenticated users. Overview of the Vulnerability Versions up to 1.3.1 of the SiteSEO plugin are affected by a Missing Authorization issue. This vulnerability allows attackers with Author-level access […]

Introduction to Server Security Risks As cybersecurity threats continue to evolve, system administrators and hosting providers must stay vigilant. Recently, a vulnerability labeled CVE-2025-11928 emerged, primarily affecting the CSS & JavaScript Toolbox plugin for WordPress. This vulnerability allows authenticated attackers to launch Stored Cross-Site Scripting (XSS) attacks, highlighting an urgent need for enhanced server security […]

Understanding CVE-2025-12367: Enhance Server Security The recent discovery of CVE-2025-12367 reveals a serious vulnerability in the SiteSEO plugin for WordPress. This flaw could grant unauthorized access to authenticated users. Overview of the Vulnerability Versions up to 1.3.1 of the SiteSEO plugin are affected by a Missing Authorization issue. This vulnerability allows attackers with Author-level access […]

Introduction to Server Security Risks As cybersecurity threats continue to evolve, system administrators and hosting providers must stay vigilant. Recently, a vulnerability labeled CVE-2025-11928 emerged, primarily affecting the CSS & JavaScript Toolbox plugin for WordPress. This vulnerability allows authenticated attackers to launch Stored Cross-Site Scripting (XSS) attacks, highlighting an urgent need for enhanced server security […]

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important […]

CloudFest 2018 – The Security Panel Attending at Cloudfest (formerly known as WHD.Global) is always the highlight of the year event-wise. Catching up with our partners, having lively debates about new technologies and learning from industry leaders are things we always go for. As our ninjas attended in incognito this time – only as attendees, […]

The beta version of WAF 2.0 is performing much better than we expected. The feedback we’ve been receiving about it is truly fascinating. More and more people are realizing just how powerful this module is. It’s already – effectively protecting – hundreds of servers against SQL injections, XSS attacks, command injections, directory traversal, data leakage and […]

2 days ago, a serious vulnerability, SA-CORE-2018-002 (CVE-2018-7600) has been found in Drupal 6, 7 and 8, which affects over one million websites. All the unpatched Drupals are in serious danger! An attacker can upload backdoors or malware via this newly discovered vulnerability. The vulnerability is scored 21/25 Highly Critical! Details of the vulnerability: This […]

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps to eliminate hackers When you first install BitNinja on your server, the best you can do is […]

Our team at BitNinja tries to make a habit of visiting the great community conference called DevConf every year. It is an event hosted by Red Hat in the beautiful city of Brno in the Czech Republic. The presentations and talks take place at the Brno University of Technology (those buildings that are a unique combination […]

Our Hungarian web hosting partner, web-server.hu had ZERO website infections – since enabling BitNinja’s new WAF 2.0 module. We caught up with the lead sysadmin to talk to him about his experience with BitNinja. What has been your experience with BitNinja overall? “Before we began using  BitNinja, we had to fight daily battles with hackers. […]

Update: WAF 2.0 became mature. Wooow! Are you ready for something new? Well, we have it!  The long-awaited BitNinja WAF 2.0 beta is now here! Currently, this beta is available for everyone who has Pro or Trial license. But wait! Before you go running to our Dashboard, to switch it on … please take a […]

Why CVE-2025-11833 Matters to Server Admins The recent discovery of CVE-2025-11833 has raised significant alarms in the cybersecurity community. This critical vulnerability impacts the Post SMTP plugin used by WordPress. It allows unauthenticated attackers to access sensitive information, potentially leading to account takeover. Understanding the Threat CVE-2025-11833 is rated with a severity of 9.8 on […]

Introduction The cybersecurity landscape is constantly evolving, and vulnerabilities like CVE-2025-62275 highlight the need for robust server security. This specific vulnerability affects various versions of the Liferay Portal, exposing them to potential data leaks and unauthorized access. As system administrators, understanding such vulnerabilities is essential to protect your infrastructure. Understanding the Threat CVE-2025-62275 presents a […]

Introduction to CVE-2025-11922 The recent discovery of CVE-2025-11922 highlights a significant vulnerability within the Inactive Logout plugin for WordPress. This flaw impacts all versions up to and including 3.5.5. The vulnerability stems from inadequate input sanitization, enabling attackers with subscriber-level access to inject harmful scripts. What's the Threat? CVE-2025-11922 allows authenticated attackers to exploit the […]