Syndicated Blog

Sucuri Blog
Website Security News

Zero-Day Stored XSS in Social Warfare

A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and ...

0day Vulnerability in Easy WP SMTP Affects Thousands of Sites

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an ...

More on Dnsden[.]biz Swipers and Radix Obfuscation

After the recent publication of the "Uncommon Radixes Used in Malware Obfuscation" article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3: #EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites ...

Arbitrary Directory Deletion in WP-Fastest-Cache

The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker ...

Uncommon Radixes Used in Malware Obfuscation

Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number? I recently decoded a credit card ...

Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro

While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability. It was not being abused externally and impacts over 500,000 sites. Its urgency is ...

PCI for SMB: Requirement 10 & 11 – Regularly Monitor and Test Networks

Welcome to the seventh post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process ...

Spotlight on Women in Cybersecurity

Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity. Spotlight on Sucuri Women in Cybersecurity We ...
Sucuri Webinar: Is SSL enough to secure your website?

How to Add SSL & Move WordPress from HTTP to HTTPS

Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress and many of ...

Hacked Website Trend Report – 2018

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes ...