WordPress Security News & Updates

Reversed URLs Randomly Redirect to Scams

Denis Sinegubko

December 14, 2017

We are seeing hundreds of infected WordPress sites with the following scripts (in one line) injected in random places in wp_posts table. $vTB$I_919AeEAw2z$KX=function(n){if (typeof ($vTB$I_919AeEAw2z$KX.list[n])…

Read the Post

Malicious Cryptominers from GitHub

Denis Sinegubko

December 7, 2017

Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden…

Read the Post

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

Denis Sinegubko

December 6, 2017

Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an…

Read the Post

WP-VCD Malware Comes with Nulled Themes

Denis Sinegubko

December 6, 2017

Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links. Our readers noticed that the “nulled” premium theme…

Read the Post

Formidable Forms / Shortcodes Ultimate Exploits In The Wild

Marc-Alexandre Montpas

November 24, 2017

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are…

Read the Post

SQL Injection in bbPress

Marc-Alexandre Montpas

November 13, 2017

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If…

Read the Post

New wave of wp-vcd Malware

Krasimir Konov

November 13, 2017

Recently we saw a new wave of a known malware that injects malicious WordPress admin users to vulnerable or compromised sites.The malware, well analysed by…

Read the Post

New WordPress Security Guide

Rianna MacLeod

November 3, 2017

WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a…

Read the Post

cryptominers on hacked sites blog header

Cryptominers on Hacked Sites – Part 2

Denis Sinegubko

October 25, 2017

Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised…

Read the Post

Attackers leveraging WP Maintenance plugin to deface websites

Bruno Zanelato

October 25, 2017

Recently, during a website investigation, we detected that attackers have been modifying the database structure of WP Maintenance plugin (which is a very popular wordpress…

Read the Post

x-wp-spam-shield-pro malicious fake plugin

WordPress Security

Fake Plugins, Fake Security

Peter Gramantik

September 28, 2017

Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository. WordPress users are…

Read the Post