Vulnerability in the Absolute Privacy Plugin
David Dede We are seeing reports that a vulnerability in the Absolute Privacy WordPress plugin (link) is being used to hack and compromise sites with it installed.…
Browsing Category
WordPress Security
680 posts
New WordPress ToolsPack Plugin
Daniel Cid We deal with many compromised sites daily and lately we are seeing something in common across many of the sites running WordPress. They have installed…
WordPress 3.3 XSS Vulnerability Patched (3.3.1 Released)
We just learned of a reflected XSS vulnerability in WordPress 3.3 via the comments form (wp-comments.php). It is explained in detail here. The disclosed vulnerability…
Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin
If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now. The plugin loads a Flash player…
WordPress 3.3 is Out
For all our WordPress users, please remember to update to WordPress 3.3 that was just released. It should be a quick 1-click process in your…
The New (and Old) .htaccess Attacks – Now Using .in Domains
We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search…
Dre Armeda: WordPress End-User Security
Sucuri Co-Founder Dre Armeda did a great presentation at WordCamp Chicago about end-user security for WordPress users. Check out the video here: Dre will also…
Timthumb.php Mass Infection – Aftermath – Part I
If you use WordPress you’re probably aware of the mass infection caused by a vulnerability in the timthumb.php script, a photo manipulation script included in…
Remove Unused/Testing/Debug Software From Your Site
Dre Armeda We constantly see sites hacked due to vulnerabilities in various tools. In most cases, site owners don’t even realize they are there, or don’t even…
Evil backdoors – Part II
A few months ago we did a post about backdoors, explaining how they work and how to look for them. If you didn’t read it,…
Mass Spam Infection From Wplinksforwork Dot Com (50k+ WordPress Sites Hacked)
Last year we spoke about the siteurlpath blackhat SEO attack that was infecting many WordPress sites with spam. But, how many? We had no clue…