Security page 1 of 1 for 17 posts

A vulnerability reported to WordPress in July 2016 was publicly released recently and identified as CVE-2017-8259.  The vulnerability could allow an attacker to gain unauthorized access to a victim's WordPress account. Continue Reading...

WordPress 4.7.2 is Available for Update

Security vulnerabilities are addressed in WordPress 4.7.2. An XSS and SQL injection vulnerability (wp_query()) were discovered and have been patched.
Update your sites.

Part 1: Analysis of a WordPress Malware

I had some time at lunch to kill, so I decided to see how Malware techniques were improving in the land of WordPress and free premium theme download sites. Enter the Darknet. A simple Google search got me a theme ZIP file pretty quickly.  Now, it was time to see what malicious happenings this thing would cause.Unpacked, here's the structure of the ZIP file. . ├── functions.php ├── home.php ├── images │   ├── arrow.png │   ├── bg-pattern.png │   Continue Reading...