Website Security News
See posts about Joomla! website security including new vulnerability disclosures, research and technical details. Learn how to protect your Joomla! installation and secure your site against emerging threats. If your Joomla! site is infected, read our guide to fixing a Joomla! hack.
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0 – Arbitrary File Upload 7.0.5 70000 Real Estate 7 Reflected XSS 3.0.4 8000 CarePlus Reflected…
During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers no less than 3 million+…
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities…
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: JCE Vulnerability
At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management systems (CMS) exist in this…
Read More about Joomla! Security Best Practices: 12 Ways to Keep Joomla! Secure
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was…
Read More about Return to the City of Cron – Malware Infections on Joomla and WordPress
During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website, injected into all .htaccess files…
Read More about .htaccess Injector on Joomla and WordPress Websites
We found this backdoor in the middle of the logrss.php file that defined the JDocumentRendererRSS class. …function jregisterClass() { // merge arrays $info = array_merge($_REQUEST,$_COOKIE); // validate parameters if ( !isset($info[‘mlg’]) ) die(…
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which…
Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research website vulnerabilities and who are…
