On March 22nd, 2023 a security patch was issued for the popular website builder plugin Elementor Pro. Website administrators using this plugin should immediately patch to at least version 3.11.7 to avoid a potential website compromise. The security issue is reported to affect only the Pro version of the plugin and not the free version […]
Tag Archives: WordPress Security
WordPress Vulnerability & Patch Roundup March 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and patches for the WordPress ecosystem this past […]
Critical Vulnerability Discovered in WooCommerce Payments
On March 22nd, 2023 a critical vulnerability was discovered within the WooCommerce Payments plugin – an extremely popular eCommerce payment plugin for WordPress with over half a million active installations. Thankfully the vulnerability was discovered by white hat security researcher Michael Mazzolini and responsibly disclosed through HackerOne, giving websites time to install the patched version […]
WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin
Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Overall they are both robust and secure payment platforms that are perfectly safe to use. […]
Magbo Spam Injection Encoded with hex2bin
We recently had a new client come to us with a rather peculiar issue on their WordPress website: They were receiving unwanted popup advertisements, but only when the website was accessed through links posted on Facebook. Initially we thought that this must be a rogue ad coming through an otherwise legitimate advertising network but it […]
WordPress Vulnerability & Patch Roundup February 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
Attackers Abuse Cron Jobs to Reinfect Websites
Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a backdoor that we’ve been tracking. In today’s post we’ll be discussing what cron jobs are, […]
The Dangers of Installing Nulled WordPress Themes and Plugins
Nulled WordPress themes and plugins are a controversial topic for many in the web development world — and arguably one of the bigger threats to WordPress security. Essentially modified versions of official WordPress themes and plugins with their licensing restrictions removed, these nulled software copies are often touted as premium functionality packaged in a free […]
Konami Code Backdoor Concealed in Image
Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in this case — unorthodox use of image file extensions. One of the most common backdoors that we have observed over the last few months has been designed to evade detection […]
WordPress Vulnerability & Patch Roundup January 2023
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]