Fake WordPress Functions Conceal assert() Backdoor
Douglas Santos A few weeks ago, I was manually inspecting some files on a compromised website. While checking on a specific WooCommerce file, I noticed something interesting.…
Browsing Category
WordPress Security
666 posts
Hackers Love Expired Domains
Luke Leal Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all…
Hidden SEO Spam Link Injections on WordPress Sites
Often when a website is injected with SEO spam, the owner is completely unaware of the issue until they begin to receive warnings from search…
Code Comments Reveal SCP 173 Malware
We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for…
Reflected XSS in WordPress v5.5.1 and Lower
Marc-Alexandre Montpas WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
R_Evil WordPress Hacktool & Malicious JavaScript Injections
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for…
Backdoor Shell Dropper Deploys CMS-Specific Malware
Krasimir Konov A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and…
WordPress Malware Disables Security Plugins to Avoid Detection
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if…
Reflected XSS in WordPress Plugin Admin Pages
Antony Garand The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little…
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of…
Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…