WordPress Admin Login Stealer
Krasimir Konov During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file…
Browsing Category
WordPress Security
672 posts
Duplicated Vulnerabilities in WordPress Plugins
Antony Garand During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.…
Fake M-Shield WordPress Plugin
During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with…
Obfuscated WordPress Malware Dropper
Luke Leal It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating…
OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects…
Analysis of a WordPress Credit Card Swiper
Ben Martin While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card…
Fake License.txt File Loaded Through PHP Include
Our team recently found a malicious injection located within a PHP include. The redirect occurs via the include function, which includes a file inconspicuously named…
Face Mask Spam Links Injected in WordPress Database
During a recent malware removal request, we found a compromised WordPress site being used to redirect to spam websites. The campaign was leveraging an increase…
Vulnerabilities Digest: March 2020
John Castro Fixed Plugins and Vulnerabilities Plugin Vulnerability Patched Version Installs Cookiebot Reflected Cross-Site Scripting 3.6.1 40000 Data Tables Generator By Supsystic Authenticated Stored XSS 1.9.92 30000…
Reflected XSS in Cookiebot Administrative Page
A reflected XSS vulnerability has recently been found in the Cookiebot plugin plugin, impacting a user base of over 40k installs. Versions prior to 3.6.1…
Extract Function Backdoor Variant
We recently found malware on a client’s WordPress site that was using a variant of a backdoor that we previously covered back in 2014. The…