
Knowledge Base

What Is Cross-Site Request Forgery (CSRF)

Cross-site request forgery (CSRF) is a web security vulnerability that allows an attacker to induce a user into performing an action they did not intend. It lets the attacker partially bypass the same-origin policy, which is designed to stop different websites from interfering with each other. A successful CSRF attack forces the victim to perform an unintended state-changing action, for example changing the email address on their account, changing their password or transferring money. Depending on the nature of the action, the attacker may gain complete control of the user's account. If the...


What Is Open Redirect Vulnerability

An open redirect vulnerability occurs when an application lets user-supplied input decide where a redirect goes. If the application fails to validate that untrusted input, an attacker can supply a URL that sends an unsuspecting victim from the legitimate domain to the attacker's phishing site. Attackers use open redirects to make phishing more credible: most users check that a link points at a legitimate, trusted domain, but do not notice that the page then redirects them to a phishing site. Although this vulnerability does not necessarily affect the legitimate application directly, it can adversely affect the...
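The validation the paragraph calls for has to be done on a parsed URL rather than on the raw string, because the string-level bypasses (protocol-relative "//evil.example", a backslash in place of a slash, user-info before "@", a look-alike subdomain) all pass naive prefix checks. The code below is an added example, not code from the original page; the application origin is an assumption.

```javascript
// Added example, not code from the original page: validating a user-supplied
// "next" parameter before redirecting. The application origin is an assumption.
const APP_ORIGIN = "https://shop.example";

// Returns a same-origin, root-relative target, or `fallback` for anything else.
function safeRedirectTarget(next, fallback = "/") {
  if (typeof next !== "string" || next.length === 0 || next.length > 2048) return fallback;
  let url;
  try {
    // Relative inputs resolve against our origin; absolute ones keep their own host,
    // which is exactly what the origin comparison below catches.
    url = new URL(next, APP_ORIGIN);
  } catch {
    return fallback;          // unparseable input
  }
  // Rejects other hosts, "//evil.example", "/\\evil.example", "shop.example@evil.example",
  // "shop.example.evil.example" and non-http schemes such as javascript: (origin "null").
  if (url.origin !== APP_ORIGIN) return fallback;
  // Hand back a path, never a host, so the Location header cannot name another site.
  return url.pathname + url.search + url.hash;
}

// Naive version for contrast: only checks that the string "starts at home".
function naiveRedirectTarget(next, fallback = "/") {
  if (typeof next === "string" && next.startsWith("/")) return next;  // "//evil.example" passes
  return fallback;
}
```

Returning the path instead of echoing the validated input is deliberate: it means the redirect can never carry a host name at all, so a future parsing quirk cannot reintroduce the bug.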


What Is Prototype Pollution

Prototype pollution is a vulnerability that lets attackers abuse the rules of the JavaScript language by injecting properties into the prototypes of built-in constructs such as Object, compromising applications in various ways. JavaScript allows every attribute of an object to be altered, including its special attributes __proto__, constructor and prototype. An attacker who controls these attributes can overwrite, or pollute, the prototype of the base Object, from which every other object inherits, by injecting values of their own....
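The usual entry point is a recursive merge or "deep extend" applied to attacker-controlled JSON. The following Node.js code is an added example, not code from the original page: it shows a merge that can be polluted through a "__proto__" key beside a hardened version, using a request payload constructed for the demonstration.

```javascript
// Added example, not code from the original page: a recursive merge that can
// be polluted through a "__proto__" key in attacker-controlled JSON, beside a
// hardened version. The request payload is constructed for the demonstration.

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable: trusts every key, and reads target[key] even when the key is
// inherited, so target["__proto__"] resolves to Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);   // with key "__proto__" this writes into Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened: refuse the magic keys and only descend into the target's own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge with a constructed malicious payload and reports whether an
// unrelated fresh object now "has" isAdmin. Cleans up so the process is not left polluted.
function demonstrate(mergeFn) {
  // JSON.parse creates "__proto__" as an ordinary own property, so Object.keys sees it.
  const payload = JSON.parse('{"name":"alice","__proto__":{"isAdmin":true}}');
  const user = mergeFn({ role: "user" }, payload);
  const leaked = ({}).isAdmin === true;        // true only if Object.prototype was polluted
  const userIsAdmin = user.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { name: user.name, role: user.role, userIsAdmin, leaked };
}
```

The "constructor" key matters as much as "__proto__": without the own-property check, a payload of the form {"constructor":{"prototype":{...}}} reaches Object.prototype through target.constructor.prototype.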


What Is Remote Code Execution

Improper Control of Generation of Code ("Code Injection"): the software constructs all or part of a code segment using externally influenced input from an upstream component, but does not neutralize, or incorrectly neutralizes, special elements that could modify the syntax or behavior of the intended code segment. When software allows user input to contain code syntax, an attacker may be able to craft that input so that it alters the intended control flow of the software. Such an alteration can lead to arbitrary code execution. Injection problems encompass a...
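A concrete instance of "input that contains code syntax" is the old habit of parsing a request body with eval instead of JSON.parse. The Node.js code below is an added example, not code from the original page; the body strings are constructed for the demonstration.

```javascript
// Added example, not code from the original page: parsing a request body with
// eval (a pattern from pre-JSON.parse code) beside JSON.parse. The body strings
// are constructed for the demonstration.

// Vulnerable: the body is evaluated as JavaScript, so it may contain any code.
function parseBodyUnsafe(body) {
  return eval("(" + body + ")");
}

// Safe: JSON.parse accepts only the JSON grammar; code is a SyntaxError.
function parseBodySafe(body) {
  return JSON.parse(body);
}

function demo() {
  const benign = '{"item": "book", "qty": 2}';
  // Attacker body: a valid JavaScript expression whose side effect runs on the server
  // and which still evaluates to the object the application expected.
  const hostile = '(globalThis.compromised = true, {"item": "book", "qty": 2})';

  const result = { benignEqual: false, unsafeRanCode: false, safeRejected: false };
  result.benignEqual =
    JSON.stringify(parseBodyUnsafe(benign)) === JSON.stringify(parseBodySafe(benign));

  globalThis.compromised = false;
  parseBodyUnsafe(hostile);                   // "parses" fine, and runs the attacker's code
  result.unsafeRanCode = globalThis.compromised === true;
  delete globalThis.compromised;

  try {
    parseBodySafe(hostile);
  } catch (e) {
    result.safeRejected = e instanceof SyntaxError;
  }
  return result;
}
```

The benign body behaves identically under both parsers, which is why this kind of bug survives functional testing; only an input that is valid JavaScript but not valid JSON separates them.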


What Is Improper Input Validation

Improper Input Validation: the software receives input or data but does not validate, or incorrectly validates, that the input has the properties required to process it safely and correctly. Input validation is a frequently used technique for checking potentially dangerous inputs to ensure they are safe to process within the code or to pass to other components. When software does not validate input properly, an attacker can craft input in a form the rest of the application does not expect. This will lead to parts...
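"Input in a form the rest of the application does not expect" is usually a matter of lenient parsing: parseInt("12abc") is 12, Number("") is 0 and "1e3" is a thousand. The Node.js code below is an added example, not code from the original page; it validates a form-encoded order with allowlists and typed parsing, and the field names and limits are assumptions.

```javascript
// Added example, not code from the original page: strict validation of a
// form-encoded order (all fields arrive as strings) using allowlists and typed
// parsing. Field names and limits are assumptions.

const USERNAME = /^[a-z0-9_]{3,20}$/;        // allowlist: only what the app actually needs
const QUANTITY = /^[1-9][0-9]{0,3}$/;        // 1..9999, no sign, no exponent, no leading zeros

// Returns { ok: true, value } with typed fields, or { ok: false, errors }.
function validateOrder(input) {
  if (typeof input !== "object" || input === null) {
    return { ok: false, errors: ["body must be an object"] };
  }
  const errors = [];
  const { username, quantity } = input;

  if (typeof username !== "string" || !USERNAME.test(username)) {
    errors.push("username: 3-20 chars, lowercase letters, digits or underscore");
  }
  let qty;
  if (typeof quantity !== "string" || !QUANTITY.test(quantity)) {
    errors.push("quantity: integer between 1 and 9999");
  } else {
    qty = Number(quantity);                   // safe to convert only after the allowlist passed
  }
  // Reject unknown fields rather than silently carrying them through to storage.
  for (const key of Object.keys(input)) {
    if (key !== "username" && key !== "quantity") errors.push(`unexpected field: ${key}`);
  }
  return errors.length ? { ok: false, errors } : { ok: true, value: { username, quantity: qty } };
}

// Lenient parsing for contrast: accepts "12abc", "-5" and " 7" without complaint.
function lenientQuantity(quantity) {
  return parseInt(quantity, 10);
}
```

Validating by allowlist and then converting to the target type (rather than converting first and checking the number) is what keeps the exponent, sign and trailing-garbage cases out.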


What Is Cross-site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation: the software does not neutralize, or incorrectly neutralizes, user-controllable input before placing it in output that is served to other users as a web page. Cross-site scripting (XSS) vulnerabilities arise under specific conditions. First, untrusted data enters a web application, typically from a web request. Second, the web application dynamically generates a web page that contains this untrusted data. Third, during page generation, the application does not prevent the data from containing content that is executable by a web browser, such as...
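The neutralization step depends on where in the page the data lands: HTML text, a quoted attribute and a script block each need different escaping. The code below is an added example, not code from the original page; it renders a small greeting page unsafely and then per context, with inputs constructed for the demonstration.

```javascript
// Added example, not code from the original page: a greeting page rendered by
// string concatenation, vulnerable and then escaped per output context.
// The inputs used in the tests are constructed attacker strings.

// Escape the five characters that change meaning in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: untrusted `name` lands in the page byte-for-byte, in two contexts.
function renderUnsafe(name) {
  return `<p>Hello ${name}</p><input name="q" value="${name}">`;
}

// Hardened: every interpolation is escaped, and the attribute is double-quoted
// so an escaped quote in the data cannot terminate it.
function renderSafe(name) {
  const safe = escapeHtml(name);
  return `<p>Hello ${safe}</p><input name="q" value="${safe}">`;
}

// Third context: data embedded in a <script> block. JSON.stringify alone is not
// enough, because "</script>" inside the string still closes the element; the
// HTML parser runs before the JavaScript parser. Escaping "<", ">" and "&" as
// JSON \u escapes keeps the value identical to JavaScript and harmless to HTML.
function jsonForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026");
}

function renderScriptSafe(name) {
  return `<script>var currentUser = ${jsonForScript(name)};</script>`;
}
```

A URL context (href or src) is different again: escaping does not stop a javascript: URL, so that context needs scheme validation of the kind used for redirects rather than character escaping.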


What Is SQL Injection (SQLi)

Improper Neutralization of Special Elements used in an SQL Command: the software constructs all or part of an SQL command using externally influenced input from an upstream component, but does not neutralize, or incorrectly neutralizes, special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL rather than as ordinary user data. This can be used to alter query logic to bypass security checks, or to...
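The difference between "interpreted as SQL" and "interpreted as user data" is visible in the query text that reaches the database. The Node.js code below is an added example, not code from the original page: it builds the same lookup by concatenation and with a placeholder, and inspects the resulting text. The $1 placeholder style matches PostgreSQL drivers such as node-postgres; no database is contacted and the attacker inputs are constructed.

```javascript
// Added example, not code from the original page: building a lookup query by
// string concatenation, and the parameterized form. The `$1` placeholder style
// matches PostgreSQL drivers such as node-postgres; no database is contacted here.

// Vulnerable: the input becomes part of the SQL text, so quote characters in it
// are parsed as SQL syntax.
function buildLookupUnsafe(email) {
  return `SELECT id FROM users WHERE email = '${email}'`;
}

// Safe: the SQL text is a constant; the value travels separately and can never
// be parsed as SQL, whatever characters it contains.
function buildLookupSafe(email) {
  return { text: "SELECT id FROM users WHERE email = $1", values: [email] };
}

// Rough structural check used by the demonstration: count single-quoted literals
// and whether the quotes balance. The legitimate lookup has exactly one balanced
// literal; an injected OR clause adds literals, a "--" comment leaves a stray quote.
function literalStats(sql) {
  const literals = sql.match(/'(?:[^']|'')*'/g);
  const quoteCount = sql.split("'").length - 1;
  return { literals: literals ? literals.length : 0, balanced: quoteCount % 2 === 0 };
}

function demo() {
  const benign = "alice@example.org";
  const hostile = "' OR '1'='1";               // constructed: makes the WHERE clause always true
  const hostileComment = "x' OR 1=1 --";       // constructed: comments out the trailing quote
  return {
    unsafeBenign: buildLookupUnsafe(benign),
    unsafeHostile: buildLookupUnsafe(hostile),
    unsafeHostileComment: buildLookupUnsafe(hostileComment),
    safeHostile: buildLookupSafe(hostile),
    literalsBenign: literalStats(buildLookupUnsafe(benign)),
    literalsHostile: literalStats(buildLookupUnsafe(hostile)),
    literalsComment: literalStats(buildLookupUnsafe(hostileComment)),
  };
}
```

With a real driver the safe form is executed as pool.query(text, values); the structural check is only there to make the change in query shape observable without a database, not a substitute for parameterization.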

