Over the summer we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts coming from established ad networks like shorte.st to new domains created specifically for those attacks. Typical injected scripts look like this: <s cript type='text/javascript' src='hxxps://con1.sometimesfree[.]biz/c.js’> […]
Tag Archives: WordPress Security
Expired Domain Leads to WordPress Plugin Redirects
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in compromised websites. These redirects often take visitors to phishing, malware, or advertising sites with the intention of capturing sensitive user data, distributing malware and backdoors, or generating advertisement impressions. […]
SQL Injection Vulnerability in WP Statistics
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues. While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites. Are You at Risk? This vulnerability is caused by the […]
Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that they never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites helped to investigate this case. Shorte[.]st is a service that hijacks links, […]
Spotlight: How a Digital Marketing Agency Secures Client Sites
Based in Melbourne, Australia for over 17 years, 24Digital knows what it takes to succeed in the ever-evolving digital marketing space which is no longer a world resting on desktop alone. The goal is to be an extension to every client’s marketing department, a true partnership to launch or rebuild effective websites – from WordPress […]
Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies a user would need to log in, in order to authenticate every action they take. Essentially, cookies keep a user logged in until they either log out […]
Website Malware: Unwanted Exit to YourBrexit
Some website hacks aim to make some political statements. Defacements are well known for this. Some infections redirect visitors to scam sites that push (usually counterfeit) goods or (often illegal) services. But what would you feel if your site redirected visitors to a political news site? This time we are talking about an attack that […]
WordPress Security – Unwanted Redirects via Infected JavaScript Files
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into almost every .js file it can find. Previous versions of this malware injected only jquery.js files, but now we remove this code from hundreds of infected files. Due to a […]
Malicious Subdirectories Strike Again
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products. This time, attackers used a similar technique […]
SEO Spam Campaign Exploiting WordPress REST API Vulnerability
Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated. In fact, we are seeing quite a few sites that are still using versions 4.7 and 4.7.1, which are vulnerable […]
