Security – Tech Notes

Security page 1 of 1 for 17 posts

WordPress Unauthorized Password Reset Vulnerability (CVE-2017-8259)

A vulnerability reported to WordPress in July 2016 was publicly released recently and identified as CVE-2017-8259. The vulnerability could allow an attacker to gain unauthorized access to a victim's WordPress account. Continue Reading...

WordPress 4.7.2 is Available for Update

Security vulnerabilities are addressed in WordPress 4.7.2. An XSS and SQL injection vulnerability (wp_query()) were discovered and have been patched.
Update your sites.

Part 1: Analysis of a WordPress Malware

I had some time at lunch to kill, so I decided to see how Malware techniques were improving in the land of WordPress and free premium theme download sites. Enter the Darknet. A simple Google search got me a theme ZIP file pretty quickly. Now, it was time to see what malicious happenings this thing would cause.Unpacked, here's the structure of the ZIP file. . ├── functions.php ├── home.php ├── images │ ├── arrow.png │ ├── bg-pattern.png │ Continue Reading...