Channel: wordpress – Sucuri Blog
Browsing all 60 articles

Massive Malware Infection Breaking WordPress Sites

Update: We identified the root cause: MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites. The last few days have brought a massive influx of broken WordPress...


MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites

A few weeks ago we found and disclosed a serious vulnerability in the MailPoet WordPress plugin. We urged everyone to upgrade their sites immediately due to the severity of the issue. The vulnerability...


New Brute Force Attacks Exploiting XMLRPC in WordPress

Brute force attacks against WordPress have always been very common. In fact, brute force attacks against any CMS are a common occurrence these days; what is always interesting, however, are the tools...


WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical

Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability in the PHP XML parser used by their XMLRPC implementations. The issue lies in the XML entity expansion parser that can...


Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin

If you’re using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download...

Protecting Against Unknown Software Vulnerabilities

Bugs exist in every piece of code. Estimates suggest that for every 1,000 lines of code there are, on average, 1 to 5 bugs to be found. Some of these bugs have security implications. These are known...


RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware...


Advisory – Dangerous "nonce" leak in UpdraftPlus

Advisory for: UpdraftPlus. Security Risk: High. Exploitation level: Remote. DREAD Score: 7/10. Vulnerability: Privilege Escalation. Patched Version: 1.9.51. If you’re a user of the UpdraftPlus plugin for...

Zero-day in the Fancybox-for-WordPress Plugin

Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar...

Understanding WordPress Plugin Vulnerabilities

The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are more relevant, while others are what we’d...


Website Malware – The SWF iFrame Injector Evolves

Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, malicious iFrame. It appears that the...

FBI Public Service Announcement: Defacements Exploiting WordPress Vulnerabilities

The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited and compromised through WordPress plugin...


Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to...
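The misuse pattern behind this advisory, as an added illustration that is not code from the Sucuri post or from any of the affected plugins: add_query_arg() builds on $_SERVER['REQUEST_URI'] when it is called without an explicit URL, so an attacker who can get a logged-in user to open a crafted link controls part of its return value, and echoing that value unescaped into an href is a reflected XSS sink. The fix the advisory points to is escaping at output with esc_url(). The two stubs below are simplified stand-ins (the real functions are assumed to exist inside WordPress and are only modelled here) so the file runs from the command line; the request URI is a constructed sample.

```php
<?php
// Added example: why raw add_query_arg() output is an XSS sink, and the
// hardened form. Runs outside WordPress thanks to the stand-ins below.

if (!function_exists('add_query_arg')) {
    // Stand-in modelled on the real function's behaviour: with no URL argument
    // it starts from the current request URI, which the attacker influences.
    function add_query_arg($key, $value, $url = null) {
        $url = $url ?? $_SERVER['REQUEST_URI'];
        $sep = (strpos($url, '?') === false) ? '?' : '&';
        return $url . $sep . rawurlencode($key) . '=' . rawurlencode($value);
    }
}

if (!function_exists('esc_url')) {
    // Stand-in modelled on esc_url()'s character allowlist: anything outside
    // the set of URL-safe characters (including " < >) is dropped.
    function esc_url($url) {
        $url = str_replace(' ', '%20', ltrim($url));
        return preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\[\]\\x80-\\xff]|i', '', $url);
    }
}

// Vulnerable pattern seen in the affected plugins: return value echoed raw.
function vulnerable_link() {
    return '<a href="' . add_query_arg('page', 'settings') . '">Settings</a>';
}

// Hardened pattern: escape the URL at the point of output.
function hardened_link() {
    return '<a href="' . esc_url(add_query_arg('page', 'settings')) . '">Settings</a>';
}

// Constructed sample: a request URI an attacker could lure an admin into
// opening. The double quote closes the href attribute in the vulnerable case.
$_SERVER['REQUEST_URI'] = '/wp-admin/admin.php?a="><script>alert(1)</script>';

echo "Vulnerable: " . vulnerable_link() . PHP_EOL;
echo "Hardened:   " . hardened_link() . PHP_EOL;
```

Run with `php example.php`: the vulnerable line shows the attribute breakout and a live script tag inside the page, while the hardened line keeps the injected text inert because the quote and angle brackets never reach the HTML. The same escaping applies to remove_query_arg(), which shares the REQUEST_URI fallback; when the value goes into a JavaScript context or a plain attribute instead of an href, use esc_js() or esc_attr() rather than esc_url().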

Critical Persistent XSS 0day in WordPress

**Update 20150427**: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read it right: a critical, unpatched 0-day...


JetPack and TwentyFifteen Vulnerable to DOM-based XSS

Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the...


Website Malware – Evolution of Pseudo Darkleech

Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with...
