Malicious WordPress User Hijacker
Luke Leal Our analyst Liam Smith recently found a malicious file with the name wp-atom2.php on a compromised WordPress site that had been infected with pharma spam.…
Browsing Category
Sucuri Labs
336 posts
Magento Login Stealer in Fake bg_white.png Image
Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The…
Magento Credit Card Stealer: harilov[.]com
Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It…
Email Scraper: Mass Mail Grabber from Database
One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary…
PHP Dropper Concealed in Malicious WordPress Plugin
Moe Obaid – an analyst from our Remediation Team – recently found a PHP dropper that had been installed as a malicious WordPress plugin. Unlike…
Stored XSS in Elementor
Marc-Alexandre Montpas During a routine audit of WordPress plugins last december, we discovered a Stored XSS vulnerability in the very popular Elementor Page Builder plugin, which powers…
Vulnerabilities Digest: January 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs InfiniteWP Client Login bypass 1.9.4.5 300000 ListingPro Reflected XSS 2.5.4 13000 Travel Booking Stored XSS 2.7.8.6…
Webshell in Fake Plugin /blnmrpb/ Directory
Our team recently discovered a web shell attempting to hide within a fake WordPress plugin directory wp-content/plugins/blnmrpb/. Inside this fake plugin directory were only two…
Backdoor Found in Compromised WordPress Environment
Our security analyst Ben Martin recently came across a backdoor in a compromised WordPress installation that had been injected into the first line of the…
Simple WAF Evasion Backdoor
Our team recently located a malicious PHP file on a compromised website which claims to evade web application firewalls, with the intention of downloading a…
DoS Tool: 403.php
One of our analysts, Kaushal Bhavsar, found a malicious DoS file within a compromised website’s filesystem under the filename 403.php. Aptly named after 403 error…