Conditional Malicious iFrame Targeting WordPress Web Sites
Fioravante Souza We have an email address, labs@sucuri.net where we receive multiple questions a day about various forms of malware. One of the most common questions happen…
Browsing Category
WordPress Security
680 posts
WordFence WordPress Security Plugin Pushes a Security Update
David Dede If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a…
The WordPress Security Plugin Ecosystem
Tony Perez As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one…
Slider Revolution Plugin Critical Vulnerability Being Exploited
Daniel Cid 12.17.2014: See more information on the SoakSoak massive malware outbreak resulting from this vulnerability: RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise by Daniel Cid…
My WordPress Website Was Hacked
Before you freak out, allow me to clarify. It was one of several honeypots we have running. The honeypots are spread across the most commonly…
Thoughts on WordPress Security and Vulnerabilities
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically…
Website Malware: Mobile Redirect to BaDoink Porn App Evolving
Peter Gramantik Recently, we wrote about a malware redirect causing compromised sites to redirect their visitors to pornographic content (specifically, the BaDoink app). You can read more…
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
Marc-Alexandre Montpas If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we…
WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical
Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue…
New Brute Force Attacks Exploiting XMLRPC in WordPress
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what…
MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due…