Website Security News
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to vulnerable sites. This issue was disclosed months ago and the MailPoet team patched it promptly. It seems, though, that many website owners have…
Read More about WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my family and everyday I work…
Read More about Responsible Disclosure – Sucuri Open Letter to MailPoet and Future Disclosures
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to the severity of the…
Read More about MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable website…
Read More about Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options…
Read More about 0day Vulnerability in Easy WP SMTP Affects Thousands of Sites
For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details…
Read More about WordPress Malware – VisitorTracker Campaign Update
The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited and compromised through WordPress plugin…
Read More about FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities
If you’re using the popular WP eCommerce WordPress plugin (2,900,000 downloads), you should update it right away. During a routine audit for our Website Firewall (WAF), we found a dangerous…
Read More about Security Advisory – Medium Severity – WP eCommerce WordPress Plugin
Most authors of website malware usually rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don’t belong, and malicious lines injected…
Read More about Manipulating WordPress Plugin Functions to Inject Malware
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one persons ear, and that message…
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically relating to popular plugins. MailPoet…
Read More about Thoughts on WordPress Security and Vulnerabilities
