Wrong content-type to XSS
John Castro WordPress Social Sharing Plugin – Sassy Social Share, which currently has over 100000 installations just fixed a Cross Site Scripting Vulnerability. This bug allows attackers…
Browsing Category
WordPress Security
672 posts
Vulnerable Versions of Adminer as a Universal Infection Vector
Denis Sinegubko This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting…
Skimmers for Both Magento and WordPress
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers…
Plugins added to Malware Campaign: October 2019
This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…
Pharma Spam Redirects to .su & .eu Sites
We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy”…
Data URLs and HTML Entities in New WordPress Malware
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first…
Fake UpdraftPlus Plugins
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins…
Cryptominers & Backdoors Found in Fake Plugins
Krasimir Konov When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also…
Plugins added to Malware Campaign: September 2019
This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…
A New Wave of Buggy WordPress Infections
We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for…
Raising Awareness: WPBeginner Spotlight
Chase Watts We’re dedicated to creating the best website security guides and professional services. One way we get our message out is by partnering with open-source CMS…