WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical
David Dede Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue…
Browsing Category
WordPress Security
672 posts
New Brute Force Attacks Exploiting XMLRPC in WordPress
Daniel Cid Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what…
MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due…
Massive Malware Infection Breaking WordPress Sites
Peter Gramantik Update: We identified the root cause: MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites. The last few days has brought about…
Disclosure: Insecure Nonce Generation in WPtouch
Marc-Alexandre Montpas If you use the popular WPtouch plugin (5M+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF,…
Ask Sucuri: Who is Logging into My WordPress Site?
Today, we’re going to revisit our Q&A series. If you have any questions about malware, blacklisting, or security in general, send them to us at:…
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file…
TimThumb WebShot Code Execution Exploit (Zeroday)
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned.…
Spam Hack Targets WordPress Core Install Directories
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other…
WordPress Plugin Alert – LoginWall Imposter Exposed
Rafael Capovilla When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might…
Vulnerability found in the All in One SEO Pack WordPress Plugin
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching…