SQL Injection Vulnerability in Ninja Forms
Marc-Alexandre Montpas As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the Ninja Forms plugin for WordPress, currently…
Browsing Category
WordPress Security
662 posts
Analyzing and Cleaning Hijacked Google SEO Spam Results
Luke Leal Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display…
Spotlight – How Cart66 Maintains Security for Ecommerce
Alycia Mitchell Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security components, Cart66 provides everything…
A Plugin’s Expired Domain Poses a Security Threat to Websites
Krasimir Konov Do you keep all of your website software (including third-party themes, plugins, and components) up to date? You should! We always recommend this to our…
Spotlight: How iThemes Manages Their Website Security
iThemes was one of the first premium theme shops for WordPress. Over the years their focus has expanded to include premium WordPress plugins that help…
Realstatistics Malware Campaign Leads To Ransomware
Daniel Cid Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last two weeks ( codenamed “Realstatistics“). This campaign has compromised thousands of websites built…
WP Mobile Detector Vulnerability Being Exploited in the Wild
Douglas Santos ***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t…
Security Advisory: Stored XSS in Jetpack
During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…
Nulled WordPress Themes: Malvertising and Black Hat SEO
Denis Sinegubko If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on…
Hacked Website Report – 2016/Q1
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our…
WordPress Redirect Hack via Test0.com/Default7.com
Update 9/14/16: We released a new guide that provides better instructions on how to clean a hacked WordPress site using the Free WordPress security plugin.…