Ashiyane Digital Security Team Discovers WordPress Bug

August 12, 2015


On August 12, 2015, the Iranian hacker group Ashiyane Digital Security Team announced that it had discovered a WordPress bug involving XSS/CSRF (Cross Site Scripting/Cross Site Request Forgery) in the Avenir-Soft Direct Download Plug-in. The vulnerability was discovered by team member Mahdi.Hidden and details on it were posted on the group’s website.

It should be mentioned that in the past, Ashiyane DST were referred to by Iranian media sources as a hacker group, but lately they have been called “security experts” or a “security team,” possibly in an attempt to legitimize their image.

Source:, August 12, 2015.