Reverse String WooCommerce WordPress Credit Card Swiper
Ben Martin As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential…
Browsing Category
WordPress Security
666 posts
Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
Krasimir Konov Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a…
Pirated WordPress Plugins Bundled with Backdoors
Luke Leal One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although…
WordPress Malware Collects Sensitive WooCommerce Data
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in…
Unauthenticated Stored Cross Site Scripting in WP Product Review
John Castro During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review…
WordPress Admin Login Stealer
During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file…
Duplicated Vulnerabilities in WordPress Plugins
Antony Garand During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.…
Fake M-Shield WordPress Plugin
During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with…
Obfuscated WordPress Malware Dropper
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating…
OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects…
Analysis of a WordPress Credit Card Swiper
While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card…