Understanding the Impacts of CVE-2025-11502 Recently, a vulnerability identified as CVE-2025-11502 was reported for the Schema & Structured Data for WP & AMP plugin used in WordPress. This vulnerability involves authenticated users being able to execute arbitrary JavaScript through stored cross-site scripting (XSS) attacks. This makes it crucial for system administrators and hosting providers to […]

Understanding CVE-2025-11927 and Its Impact on Server Security The cybersecurity landscape is constantly evolving, and vulnerabilities like CVE-2025-11927 serve as a reminder of the risks that hosting providers and system administrators face. This critical vulnerability allows authenticated attackers to exploit the Flying Images WordPress plugin for stored cross-site scripting (XSS). This blog discusses its implications […]

Understanding the Impacts of CVE-2025-11502 Recently, a vulnerability identified as CVE-2025-11502 was reported for the Schema & Structured Data for WP & AMP plugin used in WordPress. This vulnerability involves authenticated users being able to execute arbitrary JavaScript through stored cross-site scripting (XSS) attacks. This makes it crucial for system administrators and hosting providers to […]

Understanding CVE-2025-11927 and Its Impact on Server Security The cybersecurity landscape is constantly evolving, and vulnerabilities like CVE-2025-11927 serve as a reminder of the risks that hosting providers and system administrators face. This critical vulnerability allows authenticated attackers to exploit the Flying Images WordPress plugin for stored cross-site scripting (XSS). This blog discusses its implications […]

On 12th May 2017, the biggest cyber attack of recent times has happened and the threat is still present. Started from Europe and within a couple of hours has grown into a worldwide virus. The crisis has been caused by the WannaCry ransomware and its variants. The virus locks the infected computer and informs the users with […]

In this article, we are writing about how to secure automated decryption, based on Nathaniel McCallum’s presentation at DevConf 2017. One thing is certain, the security of our data is one of the most important things in this digital day and age. We always had a plan to protect our data, but as time changes, that […]

In this article, we would like to summarize our recently released developments, which impact the daily life of our clients. First of all, ... TheHTTPS Captcha: If you enable this feature in your agent, BitNinja will be able to present a Captcha on HTTPS. This will make the IP removal from our greylist possible just […]

Hacking has become a huge part of our lives, partly because of popular culture and partly because it can give us some serious headaches when they mess with our beloved computers.  Usually, people see them as either harmful cyber-criminals or as freedom-fighters. But in this article, we are talking about a third group of hackers, […]

A part of our Ninjastic Team participated in WHD Global in Rust, Germany for the second time. We gained a lot of experience, made new friends, learned about the trends of our industry and broadened our customer base. If you want to see the exhibition through the Ninjas' eyes, read on. The WHD staff really […]

This week we released a new version of BitNinja, which contains many significant performance improvements. But what are the changes exactly? We limited the SS usage of our Outbound WAF module. It will only use SS if a malicious request is caught. Its result will be a significant drop in BitNinja's CPU usage. Our SenseLog […]

Last week the Chief Content Manager of HostAdvice, a company who provides transparent and handy advice for those who are looking for Hosting Providers, interviewed our CEO George Egri about the nitty-gritty details of BitNinja. They have covered topics like: Why this product is better than other solutions George's views about the future of security […]

XML-RPC attacks are “trending” nowadays. If you search for “XML-RPC attack” on Google, you can see approximately 380,000 results. Most of the articles deal with XML-RPC attacks on WordPress-based websites. What is XML-RPC? RPC stands for remote procedure call and XML is the abbreviation of Extensible Markup Language. XML is widely used to represent data […]

In this article we will be dealing with OpenShift and Kubernetes technology. You can find some explanations about the terms used at the end of the article. If you want to take the neccessary steps to upgrade your own application, the first thing to do will be turning your pile of code into a container […]

Recent Vulnerability Alert: CVE-2025-11995 The Community Events plugin for WordPress has been found vulnerable to a significant security flaw coded as CVE-2025-11995. This vulnerability opens doors for unauthenticated attackers to inject arbitrary scripts via the event details parameter, affecting all plugin versions up to and including 1.5.2. The issue stems from inadequate input sanitization and […]

Introduction In today's digital landscape, maintaining server security is a top priority. Recently, a significant vulnerability has been reported that affects the Schema Scalpel plugin for WordPress. This vulnerability can lead to serious concerns for system administrators and hosting providers. Understanding this threat and mitigating its impact is crucial for anyone managing a server. Overview […]

Discover the CVE-2025-5949 Vulnerability The recently identified CVE-2025-5949 vulnerability targets the Service Finder Bookings plugin for WordPress. This crucial flaw allows authenticated users to escalate privileges, potentially compromising the accounts of other users, including administrators. Affected versions include all before 6.0. The lack of proper user identity validation during password change requests leads to critical […]