Security vulnerabilities in Sucuri Security (1)

  • DDOS simulation through IP spoofing – (Sucuri Security <= 1.8.35)

    Affected plugin Sucuri Security Active installs 800,000+ Vulnerable version <= 1.8.35 Audited version 1.8.35 Fully patched version – Recommended remediation Never use the plugin without the remote WAF (premium) enabled Description The plugin is vulnerable to IP spoofing if the remote WAF is not enabled. Currently, the (free) plugin is mostly sending alerts and does […]