Browsing Category
WordPress Security
598 posts
New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was…
From Web3 Drainer to Distributed WordPress Brute Force Attack
Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…
New Wave of SocGholish Infections Impersonates WordPress Plugins
SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This…
WordPress Vulnerability & Patch Roundup February 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
WordPress Hacked: What to Do When Your Site is Compromised
OK – your WordPress site is hacked. Now what? Questions we frequently get from new users are, “Why was my WordPress site hacked?” and “What…
What is HTTP Error 403 & How to Fix It
Error 403 – Forbidden can be a frustrating interruption to anyone’s day. This common error can lead to exasperated website visitors, even resulting to lost…
Vulnerability & Patch Roundup January 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
How to Find, Change & Protect the WordPress Login URL: A Beginner’s Guide
If you’ve recently launched a WordPress website, you might be asking, “How do I log in to WordPress?” or “Where is my WordPress login located?”…
How to Fix Google Ads Disapproved Due to Malicious or Unwanted Software
Were your Google Ads just disapproved after a website compromise? Or, are you seeing policy violations for malicious or unwanted software in your Google Ads…
Thousands of Sites with Popup Builder Compromised by Balada Injector
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…
WordPress Vulnerability & Patch Roundup December 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…