WordPress Unauthorized Password Reset Vulnerability (CVE-2017-8259)

A vulnerability reported to WordPress in July 2016 was recently made public and identified as CVE-2017-8259. The vulnerability could allow an attacker to gain unauthorized access to a victim's WordPress account.

#apache, #wordpress

WordPress 4.7.2 is Available for Update

This article was posted more than 1 year ago. Please keep in mind that the information on this page may be outdated, insecure, or just plain wrong today.

WordPress 4.7.2 addresses security vulnerabilities. An XSS vulnerability and a SQL injection vulnerability (wp_query()) were discovered and have been patched.
Update your sites.

#wordpress

Part 1: Analysis of a WordPress Malware

I had some time at lunch to kill, so I decided to see how malware techniques were improving in the land of WordPress and free premium theme download sites. Enter the Darknet. A simple Google search got me a theme ZIP file pretty quickly. Now, it was time to see what malicious happenings this thing would cause.

Unpacked, here's the structure of the ZIP file.

.
├── functions.php
├── home.php
├── images
│   ├── arrow.png
│   ├── bg-pattern.png
│

#wordpress