WordPress 5.8.3 Security Release
Ben Martin On January 6th, an important security update was released for the WordPress core addresses four separate vulnerabilities. WordPress website administrators are advised to update their…
Browsing Category
WordPress Security
666 posts
Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites
Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic…
WooCommerce Credit Card Swiper Injected Into Random Plugin Files
It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card…
WordPress Admin Creator – A Simple, But Effective Attack
Kayleigh Martin Malicious admin users get added to vulnerable WordPress sites often. This can happen in a variety of different ways, and sometimes the malware that creates…
WooCommerce Skimmer Spoofs Checkout Page
Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt…
Multistage WordPress Redirect Kit
Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware…
Vulnerable Plugin Exploited in Spam Redirect Campaign
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file…
An Overview of Basic WordPress Hardening
We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress…
Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal…
Malicious Redirects Through Bogus Plugin
Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors…
WordPress Redirect Hack via Test0.com/Default7.com
Denis Sinegubko Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or…