Security Advisory: Stored XSS in bbPress
Marc-Alexandre Montpas During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on…
Browsing Category
WordPress Security
662 posts
Beware of Unverified TLS Certificates in PHP & Python
Peter Kankowski Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your…
Ask Sucuri: How Does Sucuri Clean a Website?
Daniel Cid Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~ 400 / 500, daily during our normal load. To…
When a WordPress Plugin Goes Bad
Denis Sinegubko Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the…
Behind the Malware – Botnet Analysis
Antony Garand While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The…
Seo-moz.com SEO Spam Campaign
Bruno Zanelato Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by…
Server Security: Import WordPress Events to OSSEC
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System…
Massive Admedia/Adverting iFrame Infection
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing…
Malicious Pastebin Replacement for jQuery
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those…
Using WPScan: Finding WordPress Vulnerabilities
Alycia Mitchell When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if…