WordPress Plugins and Themes
Pirated WordPress Plugins Bundled with Backdoors
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although these are certainly two of the more ...
Vulnerabilities Digest: June 2020
Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding ...
Cross Site Scripting in YITH WooCommerce Ajax Product Filter
During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current State of ...
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. PluginVulnerabilityPatched VersionInstalls Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate ...
Duplicated Vulnerabilities in WordPress Plugins
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research, we came ...
OneTone Vulnerability Leads to JavaScript Cookie Hijacking
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz. This specific wave ...
Top 10 Hacks & Attacks from 2019
Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the point of ...
6 Simple Steps for Hardening your WordPress Security
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks. 6 ways to Harden WordPress ...
Hacked Website Threat Report – 2019
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively ...
Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At this time ...
