As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered
Developers with WordPress fixed three security issues this week, including a cross-site scripting and a SQL injection vulnerability, with the latest version of the CMS. The update, 4.7.2, was pushed
According to the release notes, the latest version of WordPress, 4.7.1, addresses eight security vulnerabilities and 62 other bugs. On Wednesday the latest version of WordPress 4.7.1 was released by the
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem being that any WordPress website with
Attackers are adding unauthorized code at the top of infected websites, over 3,500 sites already infected. Alarms are ringing in Symantec’s offices, as its research team has discovered a massive
15-day-old campaign has spiked in past 48 hours, with >5,000 new infections daily. Attackers have hijacked thousands of websites running the WordPress content management system and are using them to
Heimdal Security published an interesting post on the increase in malicious scripts that are being injected into legit websites in order to serve ransomware. Heimdal Security recently published an interesting
Heimdal Security researchers have observed a new ransomware campaign that utilizes the Neutrino exploit kit to deliver Teslacrypt ransomware to victims via websites running older versions of the WordPress CMS.