Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabilities in many different plugins, themes and components. This helps hackers maximize the number of sites they can compromise. Google Dorks Do you ever think about how hackers findRead […]
Tag Archives: vulnerabilitiy
Website Malware Removal: Phishing
As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a “phisher-man” will try their luck baiting users with fake pages, often in the form of login pages. These copied website pages are cast into […]
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object Injection Work? Object Injection occurs when raw user input is passed to an unserialize() function call. When this happens, […]
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It though as many are still not getting the word, or blatantly not updating, because we are seeing […]
Vulnerability found in the All in One SEO Pack WordPress Plugin
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escalation vulnerabilities we discovered earlier this week that may affect any web site running it. The risks If your site has subscribers, authors and non-admin users logging in […]