WP Security Bloggers
http://www.wpsecuritybloggers.com
The Number One Source for WordPress Security News and Updates
Last updated: Mon, 20 Feb 2017 19:19:16 +0000

Easy Table – Authenticated Stored Cross-Site Scripting (XSS)
https://wpvulndb.com/vulnerabilities/8737
Mon, 20 Feb 2017 19:18:29 +0000
http://www.wpsecuritybloggers.com/uncategorized/easy-table-authenticated-stored-cross-site-scripting-xss
SEO is one of the primary reasons websites get hacked
https://secupress.me/blog/website-hacked-for-seo-spam/
Mon, 20 Feb 2017 14:00:32 +0000
http://www.wpsecuritybloggers.com/uncategorized/seo-is-one-of-the-primary-reasons-websites-get-hacked

Did you think hackers were just nefarious for the sake of being nefarious? That’s not the case. Google makes it clear in their webmaster channel that SEO is a big motivator for hackers. Once hackers get into your WordPress, it can be very tricky to remove their code. Another thing to keep in mind is that most black SEO experts go

Why Would a Malicious Hacker Target Your WordPress?
https://www.wpwhitesecurity.com/wordpress-security/why-malicious-hacker-target-wordpress/
Sat, 18 Feb 2017 20:21:13 +0000
http://www.wpsecuritybloggers.com/uncategorized/why-would-a-malicious-hacker-target-your-wordpress

We’ve all heard it on the news; hackers want to hack websites to steal credit card and confidential user information for their own financial gains. So why on earth would anyone want to hack into your hobby WordPress website about cute little kittens, or your small business website, even when it does not hold any sensitive information?

The hacking to steal

WordPress Shutdowns Discussion of Their Refusal to Warn About Unfixed Vulnerable Plugins
https://www.pluginvulnerabilities.com/2017/02/17/wordpress-shutdowns-discussion-of-their-refusal-to-warn-about-unfixed-vulnerable-plugins/
Fri, 17 Feb 2017 23:56:59 +0000
http://www.wpsecuritybloggers.com/uncategorized/wordpress-shutdowns-discussion-of-their-refusal-to-warn-about-unfixed-vulnerable-plugins

Since 2012 we have been trying to get WordPress to start warning webmasters when their websites are using plugins that have been removed from the Plugin Directory due to security issues (and notify people in general that they are using plugins that have been removed from it). In the past WordPress’ position was that they were working on implementing this, but as of

Reflected Cross-Site Scripting (XSS) Vulnerability in Time Sheets
https://www.pluginvulnerabilities.com/2017/02/17/reflected-cross-site-scripting-xss-vulnerability-in-time-sheets/
Fri, 17 Feb 2017 23:08:31 +0000
http://www.wpsecuritybloggers.com/uncategorized/reflected-cross-site-scripting-xss-vulnerability-in-time-sheets

We recently found that the Time Sheets plugin contains a reflected cross-site scripting (XSS) vulnerability on one of the plugin’s admin pages, Old Timesheets.

As of version 1.3.1, in the file /entry.php the GET inputs “start_date”, “end_date”, and “include_completed” were echoed out without being sanitized or escaped to prevent malicious code from being placed on the page:

$start_date = $_GET['start_date']; $end_date

Open Redirect Vulnerability in GTranslate
https://www.pluginvulnerabilities.com/2017/02/17/open-redirect-vulnerability-in-gtranslate/
Fri, 17 Feb 2017 22:31:10 +0000
http://www.wpsecuritybloggers.com/uncategorized/open-redirect-vulnerability-in-gtranslate

Recently, while looking into what turned out to be unrelated probing by a hacker for WordPress plugins, we took a look at the plugin GTranslate and found that it has an open redirect vulnerability.

In the file /url_addon/gtranslate.php a redirect will occur if two variables are the same:

if($glang

WordPress Security – Fake TrafficAnalytics Website Infection
http://feedproxy.google.com/~r/sucuri/blog/~3/scsaHEscVcQ/fake-trafficanalytics-website-infection.html
Fri, 17 Feb 2017 18:30:52 +0000
https://www.wpsecuritybloggers.com/uncategorized/wordpress-security-fake-trafficanalytics-website-infection

Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious JavaScript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics even set up fake analytics websites designed to trick webmasters who took a few steps to investigate the unfamiliar script.

Recently, a new variation of this type of infection has

Arbitrary File Download Vulnerability in WP Hide Security Enhancer
https://secupress.me/blog/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2/
Fri, 17 Feb 2017 09:00:58 +0000
http://www.wpsecuritybloggers.com/uncategorized/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2


Julio Potier is co-founder of WP Media, a French startup of 14 enthusiasts known for WP Rocket and Imagify. Julio is also a co-organiser of WordCamp Paris. A compulsive speaker and WordPress expert, he has specialised in security for years and contributes to WordPress in various ways.

Wordfence In Depth: How Malware Becomes Scan Signatures
https://www.wordfence.com/blog/2017/02/malware-to-scan-signatures/
Thu, 16 Feb 2017 18:31:51 +0000
http://www.wpsecuritybloggers.com/uncategorized/wordfence-in-depth-how-malware-becomes-scan-signatures

This entry was posted in Research, Wordfence on February 16, 2017 by Mark Maunder.

One of the most effective ways the Wordfence team keeps the WordPress community and customers secure is through something we call the ‘Threat Defense Feed’. This is a combination of people, software, business processes and data. It’s an incredibly effective way to keep hackers

Applying the Lessons of Recent WordPress Defacements to the Handling of Plugins on Your Website
https://www.pluginvulnerabilities.com/2017/02/13/applying-the-lessons-of-recent-wordpress-defacements-to-the-handling-of-plugins-on-your-website/
Mon, 13 Feb 2017 20:13:48 +0000
http://www.wpsecuritybloggers.com/uncategorized/applying-the-lessons-of-recent-wordpress-defacements-to-the-handling-of-plugins-on-your-website

Recently quite a few WordPress websites (though not as many as the inflated claims by Wordfence and other security companies would have you believe) have been defaced due in large part to improper handling of security by the webmasters of those websites. While an exploitable vulnerability existed in 4.7.0 and 4.7.1, most websites running WordPress 4.7 at the time were protected