WP-VCD Malware Comes with Nulled Themes
Denis Sinegubko Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…
Browsing Category
WordPress Security
666 posts
Formidable Forms / Shortcodes Ultimate Exploits In The Wild
Marc-Alexandre Montpas On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are…
SQL Injection in bbPress
During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If…
New wave of wp-vcd Malware
Krasimir Konov Recently we saw a new wave of a known malware that injects malicious WordPress admin users to vulnerable or compromised sites.The malware, well analysed by…
New WordPress Security Guide
Rianna MacLeod WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a…
Cryptominers on Hacked Sites – Part 2
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised…
Attackers leveraging WP Maintenance plugin to deface websites
Bruno Zanelato Recently, during a website investigation, we detected that attackers have been modifying the database structure of WP Maintenance plugin (which is a very popular wordpress…
Fake Plugins, Fake Security
Peter Gramantik Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository. WordPress users are…
Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1
Rodolfo Assis Update 11/03/2017: Read all about vulnerabilities and best practices to secure your website in our newly WordPress Security Guide today! During regular research audits for…
Simple self updating hacktool
Pedro Peixoto While working on a compromised website, it’s very common to encounter hacktools. Those are like the attackers’ swiss knife, allowing them to perform several tasks…
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The…