Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…
SEO Hacktool: Sitemap Generator
Luke Leal An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For…
Reverse String WooCommerce WordPress Credit Card Swiper
Ben Martin As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential…
Skimmers in Images & GitHub Repos
Denis Sinegubko MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue.…
Malicious Magento User Creator
Krasimir Konov We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” — probably referring…
Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a…
Web Professional Security Survey 2020
Art Martori According to recent statistics, the web design industry in the United States is now worth more than $40 billion each year. It’s why our annual…
Spox Phishing Kit Harvests Chase Bank Credentials
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These…
Pirated WordPress Plugins Bundled with Backdoors
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although…
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of…
Dangerous Website Backups
It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise…