Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added, via an iFrame, to infected sites.
Tag Archives: wordpress
PHP Applications, WordPress Subject to Ghost glibc Vulnerability
Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.
Backdoors Found Leveraging Pastebin
Instead of relying on their own sites to host malware, hackers are using a series of strings of malicious backdoor code on Pastebin sites and calling upon it to execute malware.
WordPress Symposium Plug-In Plagued by File Upload Vulnerability
Researchers warn that since public disclosure of a file-upload vulnerability in the WordPress Symposium plug-in and the availability of proof-of-concept exploit code, scans and exploit attempts are on the rise.
SoakSoak Malware Campaign Evolves
The attackers behind the SoakSoak malware campaign are continuing to modify their tactics and have infected a new group of Web sites. The Javascript code that the attackers target with the malware has also changed. Last week, Google took the step of blacklisting thousands of sites that had been infected by SoakSoak. The malware is targeting WordPress […]
Custom Websites Running HD FLV Player Plugin Vulnerable to Attack
CMS providers Joomla and WordPress have patched an arbitrary file download vulnerability in the HD FLV Player plug-in, but custom websites running the plug-in independently remain at risk.
Critical Remote Code Execution Flaw Found in WordPress Plugin
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site. The vulnerability is in the WP Download Manager, versions 2.7.4 and lower, and it could […]
WordPress 4.0.1 Update Patches Critical XSS Vulnerability
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
WPScan Vulnerability Database a New WordPress Security Resource
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. It’s available for pen-testers, WordPress administrators and developers.