Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the Bitcoin site, bitcoin.org. What’s going on? Is Bitcoin using…
*Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by…
The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited…
During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a…
Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to insert hidden iframes with certain…
When WordPress vulnerabilities are disclosed in plugins, there are often many questions. Some are minor issues, some are more relevant, while others are what we’d…
A trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously…
During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to WordPress.org, it…
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it…