Leveraging the WordPress Platform for SPAM

Hacker installed Basic WordPress

We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn’t a major problem for most websites these days. I have seen however, a n
Read More

Security Advisory – High Severity– WordPress Download Manager

Sucuri- WP-DownloadManager-Ajaxcall

Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote File Inclusion Patched Version: <2.7.5 If you’re using the popular WP Download M
Read More

Security advisory – High severity – InfiniteWP Client WordPress plugin

Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you’re using the
Read More

JoomDonation Compromised

We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into JoomDonation. The emails went to the registered accounts and contained the full names, so it
Read More

Typos Can have a Bigger Impact Than Expected

Brazil is largest by far, followed by Italy and US

Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk in that? You may have seen the Grammar Police all over your comments yelling that you used t
Read More

Protecting Against Unknown Software Vulnerabilities

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications. These are known as vulnerabilities, and they can be used to
Read More

Website Malware Removal: Phishing

Infected Joomla website, phishing with fake Chase Bank page

As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a "phisher-man" will try their luck baiting users with fake pages,
Read More

Security Advisory – High severity – WP-Statistics WordPress Plugin

Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which executes on the administration panel. Patched Version: 8.3.1 If you’re using the W
Read More

RSS Reveals Malware Injections

Search results for malicious code

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search
Read More

Deep Dive into the HikaShop Vulnerability

PHPMailer class method require_once

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object I
Read More