Ten WordPress plugins by Multidots for WooCommerce identified as vulnerable and dangerous

Recently our research team found serious security issues in ten WordPress plugins developed by the same vendor, MULTIDOTS Inc. All of the vulnerable plugins are designed to work alongside WooCommerce, so there is a real threat to all online stores powered by WooCommerce and one of these plugins.

Vulnerable WordPress plugins

All these WordPress plugins were available on the WordPress.org plugin repository and all of them were highly dangerous.

WooCommerce Category Banner Management (Active installations: 3,000+) – Unauthenticated Settings Change
Add Social Share Messenger Buttons Whatsapp and Viber (Active installations: 500+) – Cross-site Request Forgery (CSRF)
Advance Search for WooCommerce (Active […]

How To Identify That Your Website Hacked for Pharma Spam

Pharma Spam or Pharma Hack is a type of SEO spam used by hackers to improve the SEO rank of websites selling pharmaceutical products like Viagra, Cialis, Xanax, Valium, and Celebrex. The Hacked Website Report 2017 found that 44% of all malware attacks included the creation of SEO spam campaigns on the targeted site. This kind of attack involves the addition of new pages or alteration of existing pages to add links for SEO purposes. In this guide, we’ll explain how pharma spam works, then offer some tips for checking if you have any pharma spam on your website. Finally, we’ll […]

wpForo Forum 1.4.9 – Unauthenticated SQL Injection


How To Fix Suspended Google AdWords Campaign Due to Malware On Site

There has been a dramatic increase in the amount of malware found on Internet websites in the past few years. The Q4 2017 Website Security Insider analysis found that 1% of the world’s websites (an estimated 18.5 million websites) are now infected with malware. In many cases, the owners of affected sites are not even aware that there is malware present. Having malware on your website can be very detrimental. Not only can malware potentially infect the computers of website visitors, it can also cause the website to be suspended from programs like Google AdWords. If your website has been suspended from […]

Tcpdump Examples

Practical tcpdump examples to lift your network troubleshooting and security testing game. Commands and tips to not only use tcpdump but master ways to know your network. Knowing tcpdump is an essential skill that will come in handy for any system administrator, network engineer or security professional.

Practical tcpdump examples

1. Extract HTTP User Agents
2. Capture only HTTP GET

Hijacked WordPress.com Accounts Being Used To Infect Sites

Our customer service team raised the alarm about a problem several users have had in the last few days. They all reported a malicious plugin named “pluginsamonsters” suddenly installed on their site. They learned about the problem thanks to an alert from Wordfence. This post is Copyright 2018 Defiant, Inc. and was published on the wordfence.com official blog. Republication of

Loginizer 1.3.8-1.3.9 – Unauthenticated Stored Cross-Site Scripting (XSS)


BBE Theme <= 1.52 – Direct Object Reference


ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 – Authenticated Code Execution


How To Clean A Hacked WordPress Site On Your Own

WordPress sites are sadly big targets for hacks. Their popularity is both good and bad. However, there is a grain of hope when your site is hacked. It’s happened often enough that people have put together a checklist of things that you can do to clean out the site and make it safe to use. To try and help with this, we’re going to be taking a look at what you need to do in order to clean out a WordPress site.

Check Core File Integrity

With WordPress sites, you’ll find that a lot of the core files do not […]