Malware Cleanup to Arbitrary File Upload in Gravity Forms
Rodrigo Escobar During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it…
Browsing Category
WordPress Security
674 posts
Security Advisory – WP-Slimstat 3.9.5 and Lower
Marc-Alexandre Montpas WP-Slimstat users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by…
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
Zero-day in the Fancybox-for-WordPress Plugin
Daniel Cid Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites.…
Advisory – Dangerous “nonce” Leak in UpdraftPlus
If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…
Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam
Ben Martin Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites…
Critical “GHOST” Vulnerability Released
A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discovered by Qualys security…
DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
Over the past few weeks our Security Operation Center (SOC) has been seeing some unique and very suspicious requests to some of our servers. At…
Security Advisory – Vulnerabilities in Pagelines for WordPress
Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A…
WP Symposium – Zero Day Vulnerability Dangers
David Dede Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing…
Analyzing The WordPress SoakSoak Favicon Backdoor
Denis Sinegubko This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a…