Advisory for: Pagelines and Platform Themes Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation / Remote Code Execution Patched Version: 1.4.6 Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A Privilege Escalation vulnerability affecting […]
Tag Archives: WordPress Security
WP Symposium – Zero Day Vulnerability Dangers
Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing in the wild. This specific vulnerability was disclosed publicly Dec 11th, and attacks against it have started. If you use this WordPress plugin we encourage you to update your plugin. […]
Analyzing The WordPress SoakSoak Favicon Backdoor
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mitigation plan. In the previous post we described how hackers upload a ZIP file which appears to be a new plugin theme, but in reality is being used to […]
New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider
If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. Unlike SoakSoak, it’s comprised of 3 distinct malframes – creating one new campaign. We’re tracking each closely: 1- wpcache-blogger: This campaign is using the domain wpcache-blogger.com as […]
SoakSoak Campaign Evolves – New Wave of Attacks
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional websites. We have updates for concerned webmasters looking to stay on top of the threat and keep their site protected against these kinds of attacks. To those websites that have […]
SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11
Thousands of WordPress sites has been hit by the SoakSoak attack lately. At this moment we know quit a lot about it. It uses the RevSlider vulnerability as a point of penetration. Then uploads a backdoor and infects all websites that share the same server account (so sites that don’t use the RevSlider plugin can […]
RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider […]
Leveraging the WordPress Platform for SPAM
We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment spam isn’t a major problem for most websites these days. I have seen however, a new trend starting to emerge when it comes to spam involving WordPress. In recent years […]
Security Advisory – High Severity– WordPress Download Manager
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote File Inclusion Risk Version: <2.7.4 If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall (WAF), we found a dangerous […]
Security advisory – High severity – InfiniteWP Client WordPress plugin
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall […]
