Security Advisory: Stored XSS in Jetpack
Marc-Alexandre Montpas During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…
Browsing Category
WordPress Security
666 posts
Nulled WordPress Themes: Malvertising and Black Hat SEO
Denis Sinegubko If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on…
Hacked Website Report – 2016/Q1
Daniel Cid Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our…
WordPress Redirect Hack via Test0.com/Default7.com
Update 9/14/16: We released a new guide that provides better instructions on how to clean a hacked WordPress site using the Free WordPress security plugin.…
Security Advisory: Stored XSS in bbPress
During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on…
Beware of Unverified TLS Certificates in PHP & Python
Peter Kankowski Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your…
Ask Sucuri: How Does Sucuri Clean a Website?
Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~ 400 / 500, daily during our normal load. To…
When a WordPress Plugin Goes Bad
Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the…
Behind the Malware – Botnet Analysis
Antony Garand While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The…
Seo-moz.com SEO Spam Campaign
Bruno Zanelato Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by…