Website Security News
Our Senior Malware Engineer, Fioravante Cavallari, is at it again. I think he has made it his personal mission in life to expel all Joomla hacks, he loves them that much – true story.. π In all seriousness, he found another gem yesterday. It’s well…
Read More about Website Malware – Fixing Joomla SPAM Hacks – Conditional Payloads
We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation,…
When we started Sucuri we set out to make enterprise security accessible, affordable, and effective for every day webmasters. It was at a time when open-source platforms like WordPress, Joomla!,…
Read More about Bridging the Gap Between Application and Network Security with CleanBrowsing
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable…
Read More about Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0…
As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a…
Read More about Reverse String WooCommerce WordPress Credit Card Swiper
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and…
Itβs hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But…
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection — 100000 Add-on SweetAlert Contact Form…
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By Phoeniixx Reflected XSS Closed 2000…
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from…
