TimThumb Attacks: The Scale of Legacy Malware Infections

These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its operations, the scale of infections was significantly larger — and it was quite typical to see hu…

How Domain Expiration Can Potentially Disrupt Other Websites

A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the web page.
This irritating pop-up didn’t come from malware placed in the website’s file…

Reverse Hardening WordPress Config

Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has, the more potential points of entry an attacker has to leverage.

Icegram Persistent Cross-Site Scripting

Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers.
Versions 1.10.28.2 and lower are affected by a persistent …

7 Things You Should Monitor in WordPress Activity Logs

WordPress activity logs can be helpful when troubleshooting or trying to identify a hack. In this article, you’ll learn about the seven things you should monitor in your WordPress logs.
Over the years, WordPress has grown more complex. WordPress…

OS Command Injection in WP-Database-Backup

On May 28th, a critical OS Command Injection vulnerability affecting the WP-Database-Backup plugin was disclosed to the public by the Wordfence team. This is a very nasty bug which made it possible for a bad actor to get full control of affected websi…

WordPress Hacks: 5 Ways to Protect WordPress from Hacking

WordPress is one of the most popular content management systems (CMS) out there. That’s why it is vital to prevent WordPress hacking.
Statistically, over 33% of websites currently run on WordPress.
This post is not a “one size fits all…

Slimstat: Stored XSS from Visitors

The WordPress Slimstat plugin, which currently has over 100k installs, allows your website to gather analytics data for your WordPress website. It will track certain information such as the browser and operating system details, plus page visits to opt…

Persistent Cross-site Scripting in WP Live Chat Support Plugin

During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability affecting 60,000+ users of the WP Live Chat Support WordPress plugin.
Current State of the Vulnerability
Thoug…