
Archive For: Hacks & Vulnerabilities

SQLi Vulnerability in YITH WooCommerce Wishlist

As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and potential customers to make wish lists containing products in the WooCommerce store, and is currently installed on 500,000+ websites. Are You at Risk? This vulnerability... Read More

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In reality, this script loaded a CoinHive cryptocurrency miner from a third-party server. We also mentioned a post written back in... Read More

Formidable Forms / Shortcodes Ultimate Exploits In The Wild

On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are used together on a single WordPress installation. Over the past couple of weeks, we’ve noticed a large influx in the number of malicious requests testing for the presence of the... Read More

Risks For E-commerce Site Owners Through the Holidays

Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also busy infecting ecommerce websites with malware, such as: Credit Card Swipers, Malicious Payment Gateways, and Malware Downloads. Now is the time when attackers target those last-minute shoppers buying products online. Over... Read More

How to Avoid Malicious Cyber Monday Campaigns

As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are crafting fraudulent websites, phishing, and malware campaigns to capitalize on the profits. In past years, targeted Cyber Monday phishing emails posed a huge risk to consumers. These emails, designed to appear from... Read More

SQL Injection in bbPress

During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website. Because details about this vulnerability have been made public today on... Read More

Why Attackers Hack Small Sites

You would never leave the front door to your house wide open when you’re not home, would you? Doing so would allow criminals to seize the opportunity of stealing your valuables. That’s the same way you can look at website hacking. Leaving your website unprotected is like establishing an open-door policy with hackers, giving them... Read More

Severe Vulnerability in Wi-Fi Devices

Wordfence just requested that we help spread the word! Severe Vulnerability in All Wi-Fi Devices This entry was posted in General Security on October 16, 2017 by Mark Maunder This is a public service announcement (PSA) from the Wordfence team regarding a security issue that has a wide impact. Today is being called “Black Monday”... Read More

How to Protect Your WordPress – WPSetup Attack

How to Protect WordPress According to Wordfence, the WP Setup attack is gaining momentum. You can avoid falling victim by following the How to Protect Your WordPress procedures below: A Safe Way to Install a New WordPress Before you begin your WordPress installation, make a .htaccess file in your web directory containing the following: order... Read More

If You Use This, You’ve Likely Been Hacked

Super Easy Website Hacking There’s an old very handy script that has a major security problem. I received this information from Wordfence CyberSecurity Updates this morning. Here’s a snippet of their article and a link to view the entire article including detection methods. If You Use This Script, You’ve Probably Already Been Hacked This entry... Read More