Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1
Rodolfo Assis Update 11/03/2017: Read all about vulnerabilities and best practices to secure your website in our newly WordPress Security Guide today! During regular research audits for…
Browsing Category
WordPress Security
680 posts
Simple self updating hacktool
Pedro Peixoto While working on a compromised website, it’s very common to encounter hacktools. Those are like the attackers’ swiss knife, allowing them to perform several tasks…
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Denis Sinegubko Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The…
SEO spam loading from external site
Krasimir Konov Many websites get compromised and used for SEO in order to drive traffic to other websites that would usually be ranked very low or completely…
Evil Self-Regenerating WordPress Administrator User
Andrey Kucherov Attackers often aim to conceal their presence using different methods, such as injecting redirect scripts, creating spam pages, or hiding a mailer in checkout pages…
Expired Domain Leads to WordPress Plugin Redirects
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen…
Small One-liner Backdoor
Samuel Odendaal During an incident response investigation, we detected an interesting backdoor that was small but had the potential to give the attacker full access to your…
SQL Injection Vulnerability in WP Statistics
John Castro Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, were you…
Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Fernando Barbosa Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove…
Yet Another Expired Domain causes WP Plugin to Redirect Users
Malicious redirects are very common in compromised websites. Attackers try to take advantage of the site resources to promote spam, distribute other malware/backdoors, and perform…
When Your Plugins Turn Against You
Cesar Anjos Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations…