Multiple Vulnerabilities in the WordPress Ultimate Member Plugin
Antony Garand The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and…
New Guide on the Sucuri Referral Program
Chase Watts Referral programs and affiliate marketing opportunities can be found on many web-based company sites, however, often they’re overlooked. Commonly people consider these programs as something that…
Free Website Security Consultation for GoDaddy Pros
Alycia Mitchell Sucuri is partnering with GoDaddy Pro to make the internet more secure, one website professional at a time. Developers, designers, agencies, and freelancers now have…
Images Loading Credit Card Swipers
Denis Sinegubko We’ve come across an interesting approach to injecting credit card swipers into Magento web pages. Instead of injecting a real script, attackers insert a seemingly…
xmlrpc.php Brute Force Tool
Luke Leal We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit:…
Persistent XSS via CSRF in WP Meta and Date Remover
John Castro During regular research audits for our Sucuri Firewall (WAF), we discovered a Cross Site Request Forgery (CSRF) leading to a persistent Cross Site Scripting vulnerability…
Replica Spam on Poorly Maintained ASP Site
Although the majority of sites we work on are powered by PHP, we still have clients whose sites use other programming languages. The other day…
Cronjob Backdoors
Cesar Anjos Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level…
How Stolen Ecommerce Data is Sold on the Darknet
We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals).…
Insufficient Privilege Validation in WooCommerce Checkout Manager
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting…
Typo 3 Spam Infection
Ben Martin Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now…