• Home
  • /Archive by category ' Anti-Virus Anti-Malware '

Archive For: Anti-Virus Anti-Malware

SQLi Vulnerability in YITH WooCommerce Wishlist

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store, and is currently installed on 500,000+ websites. Are You at Risk? This vulnerability... Read More
 

New Service Vulnerability Disclosure Policy

The Wordfence team regularly discovers security issues with commercial services, such as WordPress hosting providers, that put their users at risk. In some cases, the issue is quite severe, putting thousands of websites at risk simultaneously. In these instances, our standard approach has been to contact the service provider directly, provide them with the details... Read More
 

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In reality, this script loaded a CoinHive cryptocurrency miner from a third-party server. We also mentioned a post written back in... Read More
 

Formidable Forms / Shortcodes Ultimate Exploits In The Wild

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation. Over the past couple of weeks, we’ve noticed a large influx in the number of malicious requests testing for the presence of the... Read More
 

Risks For E-commerce Site Owners Through the Holidays

Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also busy infecting ecommerce websites with malware, such as: Credit Card Swipers Malicious Payment Gateways Malware Downloads Now is the time when attackers target those last-minute shoppers buying products online. Over... Read More
 

Vulnerabilities in Formidable Forms, Duplicator and Yoast SEO Plugins

Vulnerabilities have been reported in the Formidable Forms, Duplicator and Yoast SEO WordPress plugins. The Premium version of Wordfence protects against all of these vulnerabilities, even if you have not updated your plugins yet. We do recommend that you update immediately, whether or not you are using the Premium version of Wordfence. The details of... Read More
 

How to Avoid Malicious Cyber Monday Campaigns

As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are crafting fraudulent websites, phishing, and malware campaigns to capitalize on the profits. In past years, targeted Cyber Monday phishing emails posed a huge risk to consumers. These emails, designed to appear from... Read More
 

Ask Wordfence: Should I Permanently Block IPs That I See Wordfence Blocking?

This is the fifth installment in a new series we started last month called Ask Wordfence. You can access previous posts here. Today’s question comes from Brooke in Harrisonburg: When I see IPs blocked by firewall, or blocked for trying to log in, is there a benefit to permanently blocking them, one by one, or is... Read More
 

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on... Read More