Hackers Love Expired Domains

Sometimes, website owners no longer want to own a domain name and they allow it to expire without attempting to renew it. This happens all the time and is totally normal, but ...

Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand

October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross-site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin ...

WordPress Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it? I’ve ...

Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has ...

Insufficient Privilege Validation in NextScripts: Social Networks Auto-Poster

NextScripts: Social Networks Auto-Poster is a plugin that automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+, Blogger, Tumblr, Flickr, LinkedIn, Instagram, Telegram, YouTube, WordPress, ...

Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites

Yesterday, the WordPress plugin File Manager was updated, fixing a critical vulnerability allowing any website visitor to gain complete access to the website. Users of our WAF were never vulnerable to this ...

Vulnerabilities Digest: July 2020

Relevant Plugins and Vulnerabilities (Plugin / Vulnerability / Patched Version / Installs): Asset CleanUp: Page Speed / Authenticated XSS / 1.4.6.7 / 80000; Quiz And Survey Master / Authenticated Stored XSS / 7.0.0 / 30000; Comments – wpDiscuz 7.0.0 – Arbitrary File Upload 7.0.5 ...

How to Create a Strong Password

Reverse String WooCommerce WordPress Credit Card Swiper

As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to ...

Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors

Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading as a ...

Pirated WordPress Plugins Bundled with Backdoors

One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although these are certainly two of the more ...