On a daily basis at Sucuri, we hear things like: “My host takes care of my website security.” “I have never been hacked, so why should I care?” Or here’ s a personal favorite: “I’ll take care of it if (when) it happens.” Let’s be honest, no one wants…

Read Full Article

During a routine research audits for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 60, 000+ users of the  WP Live Chat Support  WordPress plugin. Current State of the Vulnerability Though this security bug has been fixed in the 8.0.27 release, it can be exploited…

Read Full Article

​​Give is a WordPress plugin which allows users to setup a donation page on a website. It currently has 60k installs. ​​During a recent audit of the plugin, we found a severe vulnerability which allows donors to inject arbitrary code on an administrative page. ​​If you are using…

Read Full Article

The Ultimate member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them is a critical vulnerability allowing malicious users to read and delete your wp-config.php file, which can lead to a complete website takeover. All of our clients behind our website firewall are already protected, …

Read Full Article

Referral programs and affiliate marketing opportunities can be found on many web-based company sites, however, often they’ re overlooked. Commonly people consider these programs as something that they, “should leave to the professionals”. We designed our new Referral Program Guide to give clear insight into affiliate marketing for both beginners…

Read Full Article

Sucuri is partnering with GoDaddy Pro to make the internet more secure, one website professional at a time. Developers, designers, agencies, and freelancers now have an exclusive avenue to level up security knowledge and differentiate their businesses from the competition. GoDaddy Pro helps web developers and designers save…

Read Full Article

During regular research audits for our Sucuri Firewall (WAF), we discovered a Cross Site Request Forgery (CSRF) leading to a persistent Cross Site Scripting vulnerability affecting 70, 000+ users of the WP Meta and Date Remover plugin for WordPress. Disclosure / Response Timeline: April 30 – Initial contact attempt…

Read Full Article

Although the majority of sites we work on are powered by PHP, we still have clients whose sites use other programming languages. The other day we cleaned an ASP site where we found a web.config file (the ASP.NET version of.htaccess) with these instructions: < configuration>    < system.webServer>        < defaultDocument enabled=”true”> …

Read Full Article

Attackers commonly rely on backdoors to easily gain reentry and maintain control over a website. They also use PHP functions to further deepen the level of their backdoors. A good example of this is the shell_exec function which allows plain shell commands to be run directly through the…

Read Full Article

We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals). Now let us look into some of the methods that cybercriminals use to monetize stolen information like bank accounts, credit cards, and personal…

Read Full Article

Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60, 000 sites. If you are using this plugin, we recommend that you update it to version 4.3 immediately. As we’ve seen some…

Read Full Article

Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO Infection in Typo3 Just recently, I discovered a website using the Typo3…

Read Full Article

We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts. Plugins Added to the Attack Download WP Inventory Manager ( version…

Read Full Article

It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the birth of the brand as it represents the day when the open-source project secured its name. The first Sucuri service was originally called…

Read Full Article

It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to the blacklisting of a web host’s mail server IPs, or the domain name itself may be placed on…

Read Full Article

Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we…

Read Full Article

Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar: POST: /index.php?s=captcha HTTP/1.1 Data: _method=__construct& filter[]=system& method=get& server[REQUEST_METHOD]=uname& ipconfig In December 2018, a working exploit…

Read Full Article

In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago) found in a variety of outdated themes and plugins. However, it also adds new vulnerabilities as soon as…

Read Full Article

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40, 000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current State of the Vulnerability This plugin saves all Contact Form 7 submissions to the database using a friendly…

Read Full Article

The WordPress plugin repository team may “ close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively monitoring the WordPress plugin repository,  paying close attention to these closed plugins. This may result in massive attacks if…

Read Full Article

Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search traffic that Google does? Search engines play an important role on the internet and with how websites perform. One may say that they…

Read Full Article

While investigating the Duplicate Page plugin we have discovered a dangerous SQL Injection vulnerability. It was not being abused externally and impacts over 800, 000 sites. It’s urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to…

Read Full Article

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave….

Read Full Article

It all started with a Twitter Poll we put out a couple of weeks ago, trying to find out what is the most used CMS by our customers. We added the usual suspects in the poll options; WordPress, Joomla, Drupal. We casually added an “Other” option, just in…

Read Full Article

Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To be exploited, the majority of these vulnerabilities require the attacker to be authenticated on the site and have some level of privilege. One…

Read Full Article

WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn’t have this fix applied. We are not aware of any…

Read Full Article

As more people are creating websites and becoming aware of website security, companies are popping up everywhere to help with the problem. And just like website security plugins, not all website security services are created equal. Here at Sucuri, we believe that you should do your website security…

Read Full Article

A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70, 000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the…

Read Full Article

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version…

Read Full Article

After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites (https: //t.co/3YJM9YeyAw). Additional domain seen in campaigns: checkip[.]bizhttps: //t.co/U67qZosp1e pic.twitter.com/ZWwGZG6zyN — EKFiddle (@EKFiddle) March 17, 2019 Just a…

Read Full Article