As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.
We disclosed the vulnerability to the WordPress Security Team, who handled it extremely well.
Continue reading Content Injection Vulnerability in WordPress at Sucuri Blog.
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is patched. This allows hackers to continue abusing the website and server resources.
One of the techniques they use is to add fake extensions that perform various malicious activities. In this note, we will give more details on an emerging malware campaign where attackers use a bogus WordPress plugin to trigger malicious redirects.
Continue reading Fake bb_press Plugin Redirects to Mobile Pornography at Sucuri Blog.