Do you know how much it costs to clean a website when a plugin has been hacked? Disappointingly, many website operators using managed WordPress hosting have an … [Read more...]
Website Malware – Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with … [Read more...]
Updated Services and Pricing
Our services and pricing have been adjusted for easier selection and relevance.Pricing now reflects the service, installation and repairs to WordPress … [Read more...]
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure … [Read more...]
Critical Persistent XSS 0day in WordPress
**Update 20150427**: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read it … [Read more...]
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are … [Read more...]
FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities
The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited … [Read more...]
Website Malware – The SWF iFrame Injector Evolves
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an … [Read more...]
Understanding WordPress Plugin Vulnerabilities
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are more … [Read more...]
Zero-day in the Fancybox-for-WordPress Plugin
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infections had a similar malicious iframe from … [Read more...]