JSON Web Tokens (JWTs) are a widely used method for securely exchanging data in JSON format. Due to their ability to be digitally signed and verified, they are commonly used for authorization and authentication. However, their security depends entirely on proper implementation—when misconfigured, JWTs can…
IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC
The XML-RPC protocol was originally designed to simplify cross-platform communication between applications. However, recent security research has revealed that it can be exploited for IP disclosure attacks. This article explores how XML-RPC functions, its vulnerabilities in WordPress, and how attackers can use it to expose…
Identifying WordPress Websites On Local Networks (behind Firewalls) and Bruteforcing the Login Pages
This article explores how attackers can leverage the XSHM attack to detect WordPress sites operating within internal networks or behind firewalls. It also demonstrates how this method can be used to carry out brute-force login attempts on these protected installations. According to statistics from w3techs,…
Latest product updates
All announcements about Acunetix product updates and new releases are now exclusively available on our changelogs page. For each release, we publish notes to announce new features, new security checks, improvements, and bug fixes. Information about our latest product updates and previous release notes are…
Updated: Launching critical severity in Acunetix Standard & Premium
With the release of Acunetix Standard and Acunetix Premium versions 23.8 and 23.9 comes the addition of critical severity as a new vulnerability classification. Find out which vulnerabilities have changed to critical here. What’s changing? Our vulnerability classification system (High-Medium-Low) has expanded to include a…
Acunetix sunsets support for Windows 8 and Server 2012
A new Acunetix Premium update has been released for Windows and Linux: 15.7. We are sunsetting support for Windows 8, Server 2012, and Server 2012 R2. To provide you with the best DAST product experience, we regularly update Acunetix. As a result of these…
Acunetix releases a security check for Fortinet RCE flaw
This Acunetix release introduces a new security check for the Fortinet RCE flaw (CVE-2022-39952). FortiNAC, a network security solution, was found to have a vulnerability, tracked as CVE-2022-39952, with a high CVSS score of 9.8. Fortinet disclosed the security issue on February 16. The…
Acunetix improves default roles
A new Acunetix Premium update has been released for Windows and Linux: 15.4. This Acunetix release improves the default roles. Acunetix offers role-based access control (RBAC) to efficiently manage user access. Thanks to RBAC, you can limit or authorize user access to Acunetix based on the…
Acunetix improves user experience and notifications
A new Acunetix Premium update has been released for Windows and Linux: 15.1. This Acunetix release updates its user interface and the notifications list. The user interface features a new navigation menu, which prioritizes features based on how frequently you may need them. The most…