Massive Malware Infection Breaking WordPress Sites
Peter Gramantik Update: We identified the root cause: MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites. The last few days has brought about…
Browsing Category
WordPress Security
680 posts
Disclosure: Insecure Nonce Generation in WPtouch
Marc-Alexandre Montpas If you use the popular WPtouch plugin (5M+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF,…
Ask Sucuri: Who is Logging into My WordPress Site?
Daniel Cid Today, we’re going to revisit our Q&A series. If you have any questions about malware, blacklisting, or security in general, send them to us at:…
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file…
TimThumb WebShot Code Execution Exploit (Zeroday)
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned.…
Spam Hack Targets WordPress Core Install Directories
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other…
WordPress Plugin Alert – LoginWall Imposter Exposed
Rafael Capovilla When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might…
Vulnerability found in the All in One SEO Pack WordPress Plugin
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching…
BaDoink Website Redirect – Malicious Redirections to Porn Websites on Mobile Devices
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the…
PHP Callback Functions: Another Way to Hide Backdoors
We often find new techniques employed by malware authors. Some are very interesting, others are pretty funny, and then there are those that really stump…
Critical Update for JetPack WordPress Plugin
The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to…