TimThumb.php Vulnerability Not Only Affecting Themes – Plugins too
David Dede The Timthumb.php vulnerability is being used in the wild to hack and infect thousands of WordPress sites. Hopefully everyone is checking their themes and updating…
Browsing Category
Vulnerability Disclosure
254 posts
Non-Stop Attacks Against osCommerce – Time to Take Action
The malware attacks against osCommerce sites are still going at full force and the site owners have to take action to secure and update their…
Update to the Superpuperdomain2.com malware
Just a quick update to the Superpuperdomain2.com/Superpuperdomain.com malware infection that has been affecting thousands of WordPress sites with the vulnerable timthumb.php script. You can read…
WordPress Sites Hacked with Superpuperdomain2.com
A few days ago we posted about a series of attacks that were happening against WordPress sites running the vulnerable timthumb.php script. We detected thousands…
Timthumb Security Vulnerability – List of Themes
The Timthumb 0-day security vulnerability is generating a lot of noise and for good reason. If you have a theme that includes TimThumb, your site…
Timthumb.php Security Vulnerability – Just the Tip of the Iceberg
There has been some buzz about a zero day vulnerability found in Timthumb.php that can allow for arbitrary file uploads. Although this is a platform…
Keeping Your WordPress Themes Updated
Dre Armeda We talk a lot about keeping WordPress and the plugins you use updated. That’s great and all, but you also have to remember that it…
WP-phpmyadmin WordPress plugin – Delete it now
If you are using the WP-phpmyadmin WordPress plugin, delete it now. We are seeing multiple sites getting hacked through it and we are investigating what…
WordPress plugins hacked – Understanding the backdoor
If you haven’t heard about it already, yesterday three popular WordPress plugins (AddThis, WPtouch, and W3 Total Cache) had a malicious backdoor added to them…
Information Leakage on multiple WordPress themes by WooThemes
This weekend there was a post on the Full disclosure list about multiple vulnerabilities on some WordPress themes by WooThemes. This is what the message…
VBulleting SQL injection vulnerability – Update now
A serious SQL injection vulnerability was reported on Vbulletin (4.0.x, 4.1.0, 4.1.1 and 4.1.2) last month and we are starting to see it being used…