Sucuri Malware Research Team
Browsing Category
WordPress Security
628 posts
Vulnerability & Patch Roundup — November 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Malicious Script Injection on WordPress Sites
Puja Srivastava Recently, our team discovered a JavaScript-based malware affecting WordPress sites, primarily targeting those using the Hello Elementor theme. This type of malware is commonly embedded…
Simple Include Statement Hides Casino Spam
Kayleigh Martin Just as there are countless types of websites on the internet, there are just as many attackers seeking to exploit them. These attackers develop malicious…
PHP Reinfector and Backdoor Malware Target WordPress Sites
We recently observed a surge in WordPress websites being infected by a sophisticated PHP reinfector and backdoor malware. While we initially believed that the infection…
2024 Credit Card Theft Season Arrives
Ben Martin The holiday shopping season is just around the corner, and it’s the time of year the eCommerce website owners need to be most on their…
WordPress Vulnerability & Patch Roundup October 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Rogue Ads Redirect Visitors
Matt Morrow Ads are everywhere. They generate revenue for site owners and can present related content to the website being visited. As detailed in previous articles, bad…
Indonesian Gambling Redirect Hiding in Plain Sight
Many pieces of malware found over the years have been complex and difficult to find. Attackers often obfuscate their code to make it harder to…
Fake “Fix It” Pop-Ups Target WordPress Sites via Malicious Plugin to Download Trojan
In our recent investigation, we discovered a new malware campaign targeting WordPress sites through a fake plugin, universal-popup-plugin-v133, which delivers deceptive browser fix pop-ups. This…
WooCommerce Security Essentials for Store Owners
Kyle Knight Running a WooCommerce store is awesome for your business – it opens up a whole world of opportunities. But let’s be honest, it also comes…
WordPress Vulnerability & Patch Roundup September 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…