In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture.
Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs Notes are usually shorter than blog posts and they focus on a highly technical audience.
This month, our Malware Research and Incident Response teams disclosed a WordPress plugin vulnerability and wrote about a web shell packer.
B374k Web Shell Packer
by Luke Leal
B374k is one of the most common PHP web shells. Hackers have been loading it onto compromised websites.
Our malware researcher explains how bad actors can use a PHP packer script to add or remove different features like a file manager, database connect, and email before generating the b374k shell file.
Unauthenticated Stored Cross Site Scripting in WP Product Review
by John Castro
The Vulnerability Research Team discovered an unauthenticated persistent cross-site scripting (XSS) that has been affecting 40,000+ users of the WP Product Review plugin.
Our researcher explains how a defect in the WordPress plugin WP Product Review versions older than 3.7.6 can lead to persistent cross-site scripting. A successful attack results in malicious scripts being injected in all the site’s products.
Vulnerabilities Digest: May 2020
by John Castro
In May’s vulnerability digest you will find a list of vulnerable WordPress plugins, the vulnerabilities that are currently affecting them, and their patched version if available.
We also write about the main attack highlights:
- Cross-site scripting remains the number-one vulnerability.
- The number of unprotected AJAX action bugs are still ramping up.
- The plugins and new malicious IPs which were added to a massive WordPress malware campaign.
Yuliyan Tsvetkov
Marc Kranat
Douglas Santos
Keir Desailly
Ben Martin
Denis Sinegubko
Northon Torga
Peter Gramantik
Daniel Cid