Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
Denis Sinegubko This blog post talks about how a web spam campaign that targets only one country may create problems for sites owners around the world —…
Browsing Category
WordPress Security
672 posts
OS Command Injection in WP-Database-Backup
Marc-Alexandre Montpas On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a…
WordPress Hacks: 5 Ways to Protect WordPress from Hacking
Dutch Hill WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking. Statistically, over 33%…
Malware Campaign Evolves to Target New Plugins: May 2019
John Castro A long-lasting malware campaign targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. Easily automated…
Return to the City of Cron – Malware Infections on Joomla and WordPress
Luke Leal We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had…
Threat intelligence gathering from slight changes in malicious code samples
We found the following PHP backdoor in August 2018 along with other malware samples uploaded after hackers exploit a specific vulnerable WordPress plugin covered in…
.htaccess Injector on Joomla and WordPress Websites
Eugene Wozniak During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website,…
Slimstat: Stored XSS from Visitors
Antony Garand The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain…
Persistent Cross-site Scripting in WP Live Chat Support Plugin
During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat…
WordPress Plugin Give – Stored XSS for Donors
Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. During a recent audit…
array_diff_ukey Usage in Malware Obfuscation
We discovered a PHP backdoor on a WordPress installation that contained some interesting obfuscation methods to keep it hidden from prying eyes: $zz1 = chr(95).chr(100).chr(101).chr(115).chr(116).chr(105).chr(110).chr(97).chr(116).chr(105).chr(111).chr(110);…