Backdoor plugin hides from view
Luke Leal One of the most important traits for backdoors is the ability to remain undetected by most users — otherwise it may draw suspicion and be…
Browsing Category
WordPress Security
672 posts
WPTF Hybrid Composer – Unauthenticated Arbitrary Options Update
John Castro With almost 300 installs, WPTF – Hybrid Composer is a framework that helps users easily create custom themes for WordPress. We recently noticed an increase…
Icegram Persistent Cross-Site Scripting
Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and…
7 Things You Should Monitor in WordPress Activity Logs
Victor Santoyo WordPress activity logs can be helpful when troubleshooting or trying to identify a hack. In this article, you’ll learn about the seven things you should…
Spam That Fits Your Website
Gabriel Barbosa Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to…
WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations
Antony Garand The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.…
Massive 1800ForBail WordPress Hacks
Denis Sinegubko Sucuri malware analyst Kaushal Bhavsar recently brought our attention to a massive campaign responsible for adding either “1800ForBail” or “1800ForBail – One+Number” keywords to the…
Plugins Under Attack: June 2019
A long-lasting malware campaign (1,2) targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. As…
Spam Injector Masquerading as Google Analytics
Keith Petkus The domain en-google-analytic[.]com, currently sinkholed by a security intelligence company, has been observed by our team to be part of a mass spam injection campaign.…
Leveraging Stored Procedures for Nefarious Purposes
Bruno Zanelato Here at Sucuri, we clean thousands of websites on a daily basis, and while some of them are easy to solve, others may require more…
Hiding a Hacktool Using a .jpg Extension
Hackers will do anything to hide their intentions behind the files they upload to compromised websites. This time, we’ve found a hacktool hidden inside a…