Website Security News
View the latest security advisories for website owners to keep aware of. Learn how to protect your site in the changing landscape of security with the latest insights from our research and incident response teams. Stay aware of the latest vulnerabilities affecting websites and content management systems like WordPress, Joomla, Drupal, and Magento.
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is…
Read More about Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4
There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be…
There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is that it can result in…
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It…
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced…
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function is used to update a…
Read More about Misuse of WordPress update_option() function Leads to Website Infections
Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to drugs, accessories, or essays. But…
It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the worse quite easily. What if…
Read More about Lightbox Adware – From Innocent Scripts to Malicious Redirects
Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a…
Referral programs and affiliate marketing opportunities can be found on many web-based company sites, however, often they’re overlooked. Commonly people consider these programs as something that they, “should leave to the…
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to…
Read More about Reset Email Account Passwords After a Website Malware Infection
