Reflected XSS in Advanced Ads Admin Dashboard
Antony Garand A patch for a vulnerability in the Advanced Ads plugin has been released. Prior to version 1.17.4, attackers were able to exploit two reflected XSS…
Browsing Category
Website Malware Infections
854 posts
Innocent Defacement
Cesar Anjos When we talk about defacements, we’re usually referring to attacks leading to a visual takeover of a website’s page ― consider it a form of…
Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
Justin Channell Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…
Phishing and Malware via SMS Text Message
Krasimir Konov We’ve recently noticed an increase in reports of phishing and malware being distributed via SMS text messages. During one investigation, we identified fake messages sent…
Vulnerabilities Digest: February 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs Duplicator Arbitrary File Download 1.3.28 1000000 Modula Image Gallery Authenticated Stored XSS 2.2.5 70000 Easy Property…
Skimmer Plugin Hides Itself From wp-admin
Luke Leal Our analyst Moe O recently discovered an interesting Javascript injection that was stealing submitted payment data from visitors on a WordPress website with a Woocommerce…
What is Pharma Hack Spam?
Art Martori Have you ever seen a website advertising products that seem unrelated to the apparent purpose of the site? Often, this suspicious content is promising pharmacy…
Malicious WordPress User Hijacker
Our analyst Liam Smith recently found a malicious file with the name wp-atom2.php on a compromised WordPress site that had been infected with pharma spam.…
Magento Login Stealer in Fake bg_white.png Image
Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The…
Website Vulnerability vs. Malware – What’s the Difference?
To better understand the difference between website malware and vulnerabilities, imagine your online property is a brick-and-mortar structure. You’d want to keep safe from burglars,…
How to Find & Remove SEO Spam on WordPress
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one…