Security Advisory: Persistent XSS in WP-Super-Cache
Marc-Alexandre Montpas During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a…
Browsing Category
WordPress Security
680 posts
Website Malware – The SWF iFrame Injector Evolves
Peter Gramantik Last year, we released a post about a malware injector found in an Adobe Flash (.swf) file. In that post, we showed how a SWF…
WordPress Malware Causes Psuedo-Darkleech Infection
Denis Sinegubko Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to insert hidden iframes with certain…
Understanding WordPress Plugin Vulnerabilities
Daniel Cid When WordPress vulnerabilities are disclosed in plugins, there are often many questions. Some are minor issues, some are more relevant, while others are what we’d…
Inverted WordPress Trojan
A trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously…
Security Advisory: MainWP-Child WordPress Plugin
Mickael Nadeau During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to WordPress.org, it…
Malware Cleanup to Arbitrary File Upload in Gravity Forms
Rodrigo Escobar During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it…
Security Advisory – WP-Slimstat 3.9.5 and Lower
WP-Slimstat users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by…
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
Zero-day in the Fancybox-for-WordPress Plugin
Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites.…
Advisory – Dangerous “nonce” Leak in UpdraftPlus
If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…