Recently we have been working on some big improvements to WPVulnDB, which you will see released over the next few weeks. Below is a list of the improvements that will impact users the most.
WPVulnDB APIv2 Deprecation
We released APIv3, the successor to APIv2, on March 20th 2018. The new APIv3 requires users to register a free account on wpvulndb.com and use an API Token to access our API. With the old APIv2, no user registration or API Tokens were required. Requiring API Tokens meant that we could easily identify heavy usage of our API by a particular user, which may have affected other API users, and more easily prevent abuse.
Offensive Security PEN-200 OSCP Course Giveaway
WordPress Database Backup Files
What are database backup files?
There are many tools and WordPress plugins that allow you to create a backup of your database and export it to a file. Sometimes these backup files can end up in publicly accessible locations and with predictable names, such as backup.sql, database.sql, example.com.sql, and so on.
What are the security risks with WordPress database backup file exports?
As mentioned above, if these database backup file exports are left in a publicly accessible directory on the webserver with a predictable file name, then they could easily be accessed by an attacker. All the attacker has to do is guess the correct backup file name and its directory to download the file.
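The following is an added example, not code from the original post: a local audit a site owner can run over their own document root to list dump-like files, matched by name and by content so that a renamed or gzipped dump is still found. The extension list, the dump markers and the function name find_exposed_dumps are assumptions made for this example.

```python
import gzip
import os
import re
import sys

# Assumed extensions and dump markers; extend them for the backup tools you use.
DUMP_NAME = re.compile(r"\.(sql|dump|bak)(\.(gz|zip|bz2))?$", re.IGNORECASE)
DUMP_MARKERS = (b"-- MySQL dump", b"-- MariaDB dump", b"CREATE TABLE", b"INSERT INTO")

def _head(path, size=4096):
    """Return the first bytes of a file, reading through gzip if present."""
    with open(path, "rb") as fh:
        data = fh.read(size)
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            with gzip.open(path, "rb") as gz:
                return gz.read(size)
        except (OSError, EOFError):  # corrupt or truncated archive
            return b""
    return data

def find_exposed_dumps(webroot):
    """Return sorted (relative_path, reason) pairs for dump-like files."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot)
            if DUMP_NAME.search(name):
                findings.append((rel, "name"))
                continue
            if name.lower().endswith(".php"):
                continue  # PHP is executed, not served raw; installers hold SQL
            try:
                head = _head(full)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if any(marker in head for marker in DUMP_MARKERS):
                findings.append((rel, "content"))
    return sorted(findings)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reason in find_exposed_dumps(root):
        print(f"{reason}\t{rel}")
```

Anything it reports should be moved outside the document root or deleted, since a file under the document root is served to whoever requests its path.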