Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins

This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites.
When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA images. The messages and content try to …

Google and Facebook Used in Phishing Campaigns

We’ve all seen sketchy-looking emails or texts with malicious links to click on. Some people still fall for these more obvious scams; however, phishing messages are designed to be deceptive. They use methods that appe…

Unwanted Ads via Baidu Links

The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.
Some of the changes were documented as Updates at the bottom of the original blog post; however, every we…

Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins

On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts that create unwanted pop-ups/pop-unders. Whenever a visitor clicks anywhere on an infe…

Formidable Forms / Shortcodes Ultimate Exploits In The Wild

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation.
Over the past couple of weeks, we’…

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL injection vulnerability affecting bbPress. If the right conditions are met, this vulnerability is very easy for any visitor to the victim’s website to abuse.

Because details about this vulnerability were made public today in a HackerOne report, and because updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug and make the details public.

Continue reading SQL Injection in bbPress at Sucuri Blog.

The post SQL Injection in bbPress appeared first on Security Boulevard.

VMware, CCleaner Malware, Equifax, and Rogue WordPress – Hack Naked News #141

CCleaner is distributing malware, rogue WordPress plugins, Equifax replaces key staff members, and more. Jason Wood of Paladin Security discusses malicious WordPress plugins on this episode of Hack Naked News! News: VMware Patches Bug That Allows Guest to Execute Code on Host – Last Friday VMware reported an “escape” vulnerability in its product line, as discovered […]

The post VMware, CCleaner Malware, Equifax, and Rogue WordPress – Hack Naked News #141 appeared first on Security Weekly.

Tales of WordPress Plugin Insecurity Overblown, Researchers Say

The insecurity of WordPress plugins has been well documented, especially over the last year, but in the grand scheme of things, it’s not as bad as it seems, experts claim.