This blog post talks about how a web spam campaign that targets only one country may create problems for sites owners around the world — even if their site is not hacked. It all began with a pretty regular sample of an infected WordPress index.php file containing a long, encrypted one-line injection in front of More Info »
Tag Archives: WordPress Security
OS Command Injection in WP-Database-Backup
On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to gain full control of affected websites — with over 70,000 reported active installs. Are You Affected? On April More Info »
WordPress Hacks: 5 Ways to Protect WordPress from Hacking
WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking. Statistically, over 33% of websites currently run on WordPress. This post is not a “one size fits all” overview, as there are many other ways to protect WordPress from hacking. Here at Sucuri, More Info »
Return to the City of Cron – Malware Infections on Joomla and WordPress
We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware from a third party domain. Persistent Malware Infection on WordPress and Joomla Websites This More Info »
.htaccess Injector on Joomla and WordPress Websites
During the process of investigating one of our incident response cases, we found an .htaccess code injection. It had been widely spread on the website, injected into all .htaccess files and redirecting visitors to the http[:]//portal-f[.]pw/XcTyTp advertisement website. Taking a Look at the .htaccess Injector Code Below is the code within the ./modules/mod_widgetread_twitt/ index.php file More Info »
Slimstat: Stored XSS from Visitors
The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain information such as the browser and operating system details, plus page visits to optimize the website analytics. Versions below 4.8.1 are affected by an unauthenticated stored XSS on the administrator More Info »
Persistent Cross-site Scripting in WP Live Chat Support Plugin
During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60,000+ users of the WP Live Chat Support WordPress plugin. Current State of the Vulnerability Though this security bug has been fixed in the 8.0.27 release, it can be exploited by an attacker without any account in More Info »
WordPress Plugin Give – Stored XSS for Donors
Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. During a recent audit of the plugin, we found a severe vulnerability which allows donors to inject arbitrary code on an administrative page. If you are using a version lower than 2.4.7, you should More Info »
Multiple Vulnerabilities in the WordPress Ultimate Member Plugin
The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and delete your wp-config.php file, which can lead to a complete website takeover. All of our clients behind our website firewall are already protected, and are not at risk. The three More Info »
Persistent XSS via CSRF in WP Meta and Date Remover
During regular research audits for our Sucuri Firewall (WAF), we discovered a Cross Site Request Forgery (CSRF) leading to a persistent Cross Site Scripting vulnerability affecting 70,000+ users of the WP Meta and Date Remover plugin for WordPress. Disclosure / Response Timeline: April 30 – Initial contact attempt May 07 – Patch is live Are More Info »
