A vulnerability reported to WordPress in July 2016 was publicly released recently and identified as CVE-2017-8259. The vulnerability could allow an attacker to gain unauthorized access to a victim's WordPress account. Continue reading →
Category Archives: Security
WordPress 4.7.2 is Available for Update
Security vulnerabilities are addressed in WordPress 4.7.2. An XSS and SQL injection vulnerability (wp_query()
) were discovered and have been patched.
Update your sites.
Part 1: Analysis of a WordPress Malware
I had some time at lunch to kill, so I decided to see how Malware techniques were improving in the land of WordPress and free premium theme download sites. Enter the Darknet. A simple Google search got me a theme ZIP file pretty quickly. Now, it was time to see what malicious happenings this thing would cause.Unpacked, here's the structure of the ZIP file. . ├── functions.php ├── home.php ├── images │ ├── arrow.png │ ├── bg-pattern.png │ Continue reading →