Return to the City of Cron – Malware Infections on Joomla and WordPress
Luke Leal We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had…
Browsing Category
WordPress Security
646 posts
Threat intelligence gathering from slight changes in malicious code samples
We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…
.htaccess Injector on Joomla and WordPress Websites
Eugene Wozniak During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website,…
Slimstat: Stored XSS from Visitors
Antony Garand The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain…
Persistent Cross-site Scripting in WP Live Chat Support Plugin
John Castro During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat…
WordPress Plugin Give – Stored XSS for Donors
Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. During a recent audit…
array_diff_ukey Usage in Malware Obfuscation
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…
Multiple Vulnerabilities in the WordPress Ultimate Member Plugin
The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and…
Persistent XSS via CSRF in WP Meta and Date Remover
During regular research audits for our Sucuri Firewall (WAF), we discovered a Cross Site Request Forgery (CSRF) leading to a persistent Cross Site Scripting vulnerability…
Insufficient Privilege Validation in WooCommerce Checkout Manager
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting…
Plugins Added to Malicious Campaign
We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time.…