WooCommerce RC1 and RC2 • GetEllipsis search volume trends report shows growth for Woo • Negative security perceptions • Remkus de Vries on burnout and making life changes. Over at WooCommerce Core, both the RC1 and RC2 for 6.5 came out this week in preparation for the May 10th final release. Alex Denning published his… Continue reading BobWP’s Woo Snippet for the Week of May 1
Category: Articles
Massive WordPress JavaScript Injection Campaign Redirects to Ads
Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts… Continue reading Massive WordPress JavaScript Injection Campaign Redirects to Ads
Examining Emerging Backdoors
Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors! Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised environment and provide them a “foot in the door” to execute their payload. We see… Continue reading Examining Emerging Backdoors
Manually Identifying an X-Cart Credit Card Skimmer
During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento… Continue reading Manually Identifying an X-Cart Credit Card Skimmer
WooCommerce Credit Card Skimmers Concealed In Fake Images
Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments and its ease of use, WordPress has become a common e-commerce platform — and the… Continue reading WooCommerce Credit Card Skimmers Concealed In Fake Images
Hacked Website Threat Report 2021
Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help keep website owners informed and aware of the dangers posed by malicious actors. This year’s report is a collection of observations made by Sucuri’s Research… Continue reading Hacked Website Threat Report 2021
Vulnerability Roundup – April 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this… Continue reading Vulnerability Roundup – April 2022
Keeping Up With PHP Updates
Staying on top of critical security risks and vulnerabilities is imperative for the safety of your website. Some of the types of threats impacting our client sites include injections, broken authentication, cross site scripting, or even attackers targeting components with known vulnerabilities. In this post, we’ll be going over why outdated PHP versions can lead to… Continue reading Keeping Up With PHP Updates
Poodle and Doodle, FUD and the Sucuri WAF
On any given day, Sucuri sees thousands of clients go through the PCI compliance process. The requirements outlined by the Payment Card Industry Data Security Standards (PCI DSS) are mandatory for any website accepting credit card payment, and this process can be very stressful for website owners not familiar with these guidelines. Failure to comply… Continue reading Poodle and Doodle, FUD and the Sucuri WAF
Critical RCE Vulnerability in Elementor WordPress Plugin
Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This… Continue reading Critical RCE Vulnerability in Elementor WordPress Plugin