• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Vulnerability

Labs Note

June 19, 2020John Castro

Vulnerable Plugins: June 2020 Update

This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate Authenticated SQL Injection 5.8.4 40000 Brizy – Page Builder Improper…

Read More about Vulnerable Plugins: June 2020 Update

Labs Note

May 29, 2020John Castro

Vulnerabilities Digest: May 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection — 100000 Add-on SweetAlert Contact Form…

Read More about Vulnerabilities Digest: May 2020

Labs Note

May 1, 2020John Castro

Vulnerabilities Digest: April 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By Phoeniixx Reflected XSS Closed 2000…

Read More about Vulnerabilities Digest: April 2020

Labs Note

July 11, 2019John Castro

WPTF Hybrid Composer – Unauthenticated Arbitrary Options Update

With almost 300 installs, WPTF – Hybrid Composer is a framework that helps users easily create custom themes for WordPress. We recently noticed an increase in suspicious requests, revealing an…

Read More about WPTF Hybrid Composer – Unauthenticated Arbitrary Options Update

Labs Note

March 29, 2019Denis Sinegubko

Social Warfare Vulnerability Probes

After a recent disclosure of the Social Warfare plugin vulnerability, we’ve seen massive attacks that inject malicious JavaScripts into the plugin options. The vulnerability has been patched in version 3.5.3…

Read More about Social Warfare Vulnerability Probes

Labs Note

March 26, 2019Krasimir Konov

Super Amazon Banners Plugin Gone Rogue

During a recent investigation we found the plugin Super Amazon Banners to be serving malware/spam via the domain seoranker[.]info. We suspect that the domain expired and was registered by somebody…

Read More about Super Amazon Banners Plugin Gone Rogue

Labs Note

November 20, 2018Denis Sinegubko

Side Effects of the Site_url Hack

We\’ve been cleaning many sites infected by the so-called site_url hack–the result of the WP GDPR Compliance plugin vulnerability. The sites are broken because their static resource links point to…

Read More about Side Effects of the Site_url Hack

Labs Note

September 19, 2017Jose Martinez

Mayhem malware still on the wild

Years ago, colleagues from Yandex introduced the concept of Mayhem infections. In that post, they provided very detailed information about the malware, its functionalities and capabilities. The interesting point of…

Read More about Mayhem malware still on the wild

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2021 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.