Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware redirects visitors by calling malicious files hosted on third party infected websites. Interestingly, the infection stores itself as encoded content in the database and is called through random functions littered […]
Tag Archives: WordPress Security
Vulnerable Plugin Exploited in Spam Redirect Campaign
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin […]
An Overview of Basic WordPress Hardening
We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic […]
Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting victims and sell them on the black market for a profit. The online ecommerce environment is diverse, constituting many different content management system (CMS) platforms […]
Malicious Redirects Through Bogus Plugin
Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors and website owners to malicious websites. The payload is the following bogus plugin located here: ./wp-content/plugins/plugs/plugs.php At first glance these appear to be very unorthodox domains: hxxp://xn--o1aofd[.]xn--p1ai hxxp://xn--80ady8a[.]xn--p1ai hxxp://xn--80adzf[.]xn--p1ai hxxp://xn--g1aey4a[.]xn--p1ai […]
WordPress Redirect Hack via Test0.com/Default7.com
Malicious redirect is a type of hack where website visitors are automatically redirected to some third-party website: usually it’s some malicious resource, scam site or a commercial site that buys traffic from cyber criminals (e.g. counterfeit drugs or replica merchandise). Types of Malicious Redirects There are two major types of malicious redirects: server-side redirects and […]
WooCommerce Credit Card Skimmer Hides in Plain Sight
Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment […]
WooCommerce Credit Card Swiper Hides in Plain Sight
Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and ESET would issue a warning but only once a product had been added to the cart and a customer was about to enter their payment […]
Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which affects WordPress versions 3.7 to 5.7.1. Be sure to get updated to 5.7.2 as soon as possible! According to WPScan, the new object injection vulnerability […]
WPScan Intro: How to Scan for WordPress Vulnerabilities
In this post, we look at how to use WPScan. The tool provides you a better understanding of your WordPress website and its vulnerabilities. Be sure to check out our post on installing WPScan to get started with the software. Big Threats Come from Unexpected Places Imagine for a second that you’re a survivor in […]
