Tag Archives: WordPress Security

Threat Introduced via Browser Extensions

We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, our usual suspects are: Vulnerabilities in website software Trojanized software from untrusted sources (e.g. pirated themes and plugins) Stolen or brute-forced credentials (anything from FTP and SSH […]

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability

The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It though as many are still not getting the word, or blatantly not updating, because we are seeing […]