Tag Archives: WordPress Security

Malicious Cryptominers from GitHub

Recently, a webmaster contacted us when his AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site. Our investigation revealed a hidden iframe had been injected into the theme’s footer.php file: <iframe src="hxxps://wpupdates.github[.]io/ping/” style=”width:0;heigh:0;border:none;”> When we opened the URL in a browser, the page was blank. After checking the HTML source code, More Info »

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In reality, this script loaded a CoinHive cryptocurrency miner from a third-party server. We also mentioned a post written back in April that described the cloudflare.solutions malware, which came along with the cryptominers. More Info »

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on More Info »

New WordPress Security Guide

WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target for malicious hackers that are looking for vulnerabilities to exploit. If an attacker is able to gain unauthorized access into an insecure website, they can leverage valuable resources More Info »

Cryptominers on Hacked Sites – Part 2

Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of the website owners. We reviewed two types of infections that affected WordPress and Magento sites, and have been monitoring the malicious use of the CoinHive More Info »

Fake Plugins, Fake Security

WordPress users are becoming increasingly more aware of security threats and as a result they are taking more actions to secure their websites (e.g. by installing security plugins). While this is a good thing, there are always black hats trying to take an advantage of new opportunities to compromise websites. For example, we’re seeing a More Info »

Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1

During regular research audits for our Sucuri Firewall (WAF), we discovered a source-based stored Cross-Site Scripting (XSS) vulnerability affecting WordPress 4.8.1. Are You at Risk? The vulnerability requires an account on the victim’s site with the Contributor role – or any account in a WordPress installation with bbPress plugin, as long as it has posting More Info »

Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data

Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks. Typical injected scripts look like this: <s cript type='text/javascript' src='hxxps://con1.sometimesfree[.]biz/c.js’> More Info »

Expired Domain Leads to WordPress Plugin Redirects

A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in compromised websites. These redirects often take visitors to phishing, malware, or advertising sites with the intention of capturing sensitive user data, distributing malware and backdoors, or generating advertisement impressions. More Info »