Archive by Author

Plugins Added to Malicious Campaign

We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts. Plugins Added to the Attack Download WP Inventory Manager (version <= 1.8.2) Woocommerce User Email Verification.  (version <= More Info »

Sucuri’s 10th Anniversary

It feels like yesterday, but it has been 10 years since the domain was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the birth of the brand as it represents the day when the open-source project secured its name. The first Sucuri service was originally called NBIM (Network Based Integrity Monitoring). Sucuri intended More Info »

PCI for SMB: Requirement 12 – Maintain an Information Security Policy

Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and More Info »

ThinkPHP 5.x Remote Code Execution

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar: POST: /index.php?s=captcha HTTP/1.1 Data: _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig In December 2018, a working exploit was released for the versions v5.0.23 and More Info »

From .tk Redirects to PushKa Browser Notification Scam

In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago) found in a variety of outdated themes and plugins. However, it also adds new vulnerabilities as soon as they are disclosed—like the recent Social Warfare More Info »

SQL Injection in Advance Contact Form 7 DB

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current State of the Vulnerability This plugin saves all Contact Form 7 submissions to the database using a friendly interface. Though the bug has been fixed More Info »

Attacks on Closed WordPress Plugins

The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively monitoring the WordPress plugin repository, paying close attention to these closed plugins. This may result in massive attacks if the attacker is able to identify the More Info »

DDoS Targeting WordPress Search

Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search traffic that Google does? Search engines play an important role on the internet and with how websites perform. One may say that they are the actual doorway to the online More Info »

SQL Injection in Duplicate-Page WordPress Plugin

While investigating the Duplicate Page plugin we have discovered a dangerous SQL Injection vulnerability. It was not being abused externally and impacts over 800,000 sites. It’s urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of this vulnerability is that More Info »