Code Comments Reveal SCP 173 Malware
Luke Leal We sometimes find malware code injections that contain strange code comments, which are normally used by programmers to annotate a section of code — for…
Browsing Category
WordPress Security
674 posts
Reflected XSS in WordPress v5.5.1 and Lower
Marc-Alexandre Montpas WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
R_Evil WordPress Hacktool & Malicious JavaScript Injections
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for…
Backdoor Shell Dropper Deploys CMS-Specific Malware
Krasimir Konov A large majority of the malware we find on compromised websites are backdoors that allow an attacker to maintain unauthorized access to the site and…
WordPress Malware Disables Security Plugins to Avoid Detection
An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if…
Reflected XSS in WordPress Plugin Admin Pages
Antony Garand The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little…
Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of…
Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…
Reverse String WooCommerce WordPress Credit Card Swiper
Ben Martin As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential…
Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a…
Pirated WordPress Plugins Bundled with Backdoors
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although…