• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Blog Category: Security Advisory

security-alerts-blog-category

View the latest security advisories for website owners to keep aware of. Learn how to protect your site in the changing landscape of security with the latest insights from our research and incident response teams. Stay aware of the latest vulnerabilities affecting websites and content management systems like WordPress, Joomla, Drupal, and Magento.

Sucuri labs

July 6, 2020John Castro

Vulnerabilities Digest: June 2020

Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization. Massive local file inclusion (LFI) attempts have been discovered…

Read More about Vulnerabilities Digest: June 2020

Labs Note

June 19, 2020John Castro

Vulnerable Plugins: June 2020 Update

This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated…

Read More about Vulnerable Plugins: June 2020 Update

Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

March 4, 2020Northon Torga

Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you would certainly want to avoid…

Read More about Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug

WordPress Vulnerability Detail

January 16, 2020Marc-Alexandre Montpas

Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4 

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one…

Read More about Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4 

October 28, 2019Luke Leal

Fake French Police Sextortion Scam

There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be…

Read More about Fake French Police Sextortion Scam

cPanel

October 8, 2019Luke Leal

An Indirect Way to Change cPanel Passwords

There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is that it can result in…

Read More about An Indirect Way to Change cPanel Passwords

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

September 25, 2019Marc-Alexandre Montpas

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It…

Read More about Zero-Day RCE in vBulletin v5.0.0-v5.5.4

Website Malware Infection

September 18, 2019Luke Leal

Fake Human Verification Spam

We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced…

Read More about Fake Human Verification Spam

WordPress Security Alert

September 16, 2019John Castro

Misuse of WordPress update_option() function Leads to Website Infections

In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of  WordPress’ update_option() function. This function is used to update a…

Read More about Misuse of WordPress update_option() function Leads to Website Infections

July 5, 2019Gabriel Barbosa

Spam That Fits Your Website

Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to drugs, accessories, or essays. But…

Read More about Spam That Fits Your Website

Lightbox Adware - From Innocent Scripts to Malicious Redirects

June 17, 2019Cesar Anjos

Lightbox Adware – From Innocent Scripts to Malicious Redirects

It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the worse quite easily. What if…

Read More about Lightbox Adware – From Innocent Scripts to Malicious Redirects

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.