Stored XSS in WordPress Core
Marc-Alexandre Montpas As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only…
Browsing Category
WordPress Security
672 posts
SQL Injection Vulnerability in NextGEN Gallery for WordPress
Slavco Mihajloski As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…
WordPress Security – Fake TrafficAnalytics Website Infection
Rodrigo Escobar Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for…
RCE Attempts Against the Latest WordPress REST API Vulnerability
Daniel Cid We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after…
JavaScript Injections Leads to Tech Support Scam
Krasimir Konov During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular AddThis social sharing…
WordPress REST API Vulnerability Abused in Defacement Campaigns
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF…
Content Injection Vulnerability in WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…
Spotlight: Website Security Response for Photographers
Alycia Mitchell It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart.…
Fake bb_press Plugin Redirects to Mobile Pornography
Fernando Barbosa When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access…
Hooking WordPress Class to Hide Malicious Users
John Castro When a website is compromised, attackers perform post-exploitation tasks to maintain access to the site for as long as possible. One of these actions is…
Hacked Website Report – 2016/Q3
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri…