As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported two to the WordPress team. As it turns out, it was possible to leverage the content injection issue to achieve a stored cross-site scripting attack. This issue […]
Tag Archives: WordPress Security
SQL Injection Vulnerability in NextGEN Gallery for WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive […]
WordPress Security – Fake TrafficAnalytics Website Infection
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious JavaScript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics even set up fake analytics websites designed to trick webmasters who took a few steps to investigate the unfamiliar script. Recently, a new variation of […]
RCE Attempts Against the Latest WordPress REST API Vulnerability
We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could. The RCE attempts we are seeing in the wild do not affect every WordPress […]
JavaScript Injection Leads to Tech Support Scam
During a recent malware investigation, we found some interesting obfuscated JavaScript code. This code pretends to be part of the popular AddThis social sharing plugin, mimicking it in its URL naming conventions and an image file. The malware ultimately redirects website visitors to node.additionsnp[.]top, which hosts a tech support scam that can be dangerous to […]
WordPress REST API Vulnerability Abused in Defacement Campaigns
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to see how and when the attackers would try to exploit this issue in the wild. In less than 48 hours after the vulnerability was disclosed, we […]
Content Injection Vulnerability in WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post […]
Spotlight: Website Security Response for Photographers
It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just one aspect of your business, but it’s an important one. A website helps you develop a brand identity, communicate the value of your offerings, and […]
Fake bb_press Plugin Redirects to Mobile Pornography
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is patched. This allows hackers to continue abusing the website and server resources. One of the techniques they use is to add fake extensions that perform […]
Hacked Website Report – 2016/Q3
Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of over 8,000 infected websites. This […]