WordPress Security News & Updates

AccessPress Themes Hit With Targeted Supply Chain Attack

Ben Martin
January 20, 2022

Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The…

Read the Post

What Should You do if Your WordPress Site was Hacked?

Ashley Sand
January 19, 2022

These days WordPress infections are very common. In 2021, internetlivestats.com counted over 81 million websites hacked. If you’re one of the millions, you need to…

Read the Post

WordPress 5.8.3 Security Release

Ben Martin
January 7, 2022

On January 6th, an important security update was released for the WordPress core addresses four separate vulnerabilities. WordPress website administrators are advised to update their…

Read the Post

Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Ben Martin
December 21, 2021

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic…

Read the Post

WooCommerce Credit Card Swiper Injected Into Random Plugin Files

Ben Martin
December 6, 2021

It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card…

Read the Post

WordPress Admin Creator – A Simple, But Effective Attack

Kayleigh Martin
December 1, 2021

Malicious admin users get added to vulnerable WordPress sites often. This can happen in a variety of different ways, and sometimes the malware that creates…

Read the Post

Online Credit Card Theft - A Brief Overview of Online Fraud and Abuse

WooCommerce Skimmer Spoofs Checkout Page

Ben Martin
November 8, 2021

Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt…

Read the Post

WordPress Redirect Hack via Test0.com/Default7.com

Multistage WordPress Redirect Kit

Ben Martin
September 8, 2021

Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware…

Read the Post

Server Side Data Exfiltration via Telegram API

Vulnerable Plugin Exploited in Spam Redirect Campaign

Ben Martin
July 21, 2021

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file…

Read the Post

An Overview of Basic WordPress Hardening

Ben Martin
July 14, 2021

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress…

Read the Post