Tag Archives: WordPress Security

How to Find, Change & Protect the WordPress Login URL: A Beginner’s Guide

If you’ve recently launched a WordPress website, you might be asking, “How do I log in to WordPress?” or “Where is my WordPress login located?” Don’t worry — you’re not alone, and these are essential questions to ask. Understanding where to find your WordPress login URL and how to use it is a fundamental part […]

Thousands of Sites with Popup Builder Compromised by Balada Injector

On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector campaign started infecting websites with older versions of the Popup Builder. The attack used a […]

WordPress Vulnerability & Patch Roundup December 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer

One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus administrator user. It was also found injecting sophisticated credit card skimming JavaScript into the website’s checkout page. This plugin includes an interesting sample of malicious code which goes to great […]

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign

On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) vulnerability on your site, which allows attackers to execute malwares and steal your data, user […]

Critical RCE Vulnerability Patched in Backup Migration Plugin

On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days later after users were given an opportunity to install the patch, although the official CVE is still locked down in “reserved” mode. Website administrators are advised to update to the […]

WPScan Intro: How to Scan for WordPress Vulnerabilities

In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding of your WordPress website and any vulnerabilities that may be present in your environment. It also happens to be pre-installed in Kali Linux. If you haven’t set it up yet, […]

WordPress Vulnerability & Patch Roundup November 2023

Troubleshooting WordPress: How to Fix the White Screen of Death

Navigating to your WordPress site only to be met with the White Screen of Death (WSoD) can be a daunting experience. This error denies access to your site for both administrators and visitors, disrupting your website’s performance and user experience. Despite its prevalence, this common WordPress problem has a number of straightforward solutions. In this […]

WordPress Vulnerability & Patch Roundup October 2023

Stratusclear.org

Stratusclear Network