This entry was posted in Research, WordPress Security on December 17, 2019 by Mikey Veenstra 2 Replies
Early last month we released a comprehensive paper covering WP-VCD, the most prevalent malware campaign affecting the WordPress ecosystem in recent memory. In this paper we examined the campaign from a number of angles, such as the behavior of the malware itself, its method of distribution, and its evolution over time. The presence of threats …
Read More
This entry was posted in Research, WordPress Security on November 04, 2019 by Mikey Veenstra 9 Replies
One of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has associated WP-VCD with a higher rate of new infections than any other WordPress malware every week since August 2019, and the …
Read More
This entry was posted in Vulnerabilities, WordPress Security on October 21, 2019 by Mikey Veenstra 2 Replies
Description: Open Redirect CVSS v3.0 Score: 7.1 (High) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L Affected Software: Two built-in plugins packaged with the Bridge theme – Qode Instagram Widget and Qode Twitter Feed Plugin Slugs: qode-instagram-widget, qode-twitter-feed Affected Versions: Bridge Theme: 18.2 / Plugins: 2.0 (Twitter plugin) 2.0.1 (Instagram plugin) Patched Version: Bridge Theme: 18.2.1 / Plugins: 2.0.1 (Twitter …
Read More
This entry was posted in Vulnerabilities, WordPress Security on September 24, 2019 by Mikey Veenstra 18 Replies
Description: XSS Via Unauthenticated Plugin Options Update Affected Plugin: Rich Reviews Affected Versions: <= 1.7.4 CVSS Score: 8.3 (High) CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L The Wordfence Threat Intelligence team is tracking a series of attacks against an unpatched vulnerability in the Rich Reviews plugin for WordPress. The estimated 16,000 sites running the plugin are vulnerable to unauthenticated plugin …
Read More
This entry was posted in Research, WordPress Security on August 30, 2019 by Mikey Veenstra 10 Replies
In July, we reported on a malvertising campaign which was distributing redirect and popup code through a number of public vulnerabilities affecting the WordPress ecosystem. As mentioned in the article, we’ve continued tracking this threat for new or changing activity. Much of the campaign remains identical. Known vulnerabilities in WordPress plugins are exploited to inject …
Read More
This entry was posted in Research, WordPress Security on August 23, 2019 by Mikey Veenstra 24 Replies
Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to a number of potentially harmful locations. Each of the vulnerabilities targeted by this campaign have been public for …
Read More
This entry was posted in Research, WordPress Security on July 22, 2019 by Mikey Veenstra 7 Replies
The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads. This type of campaign is far from novel, but these attacks drew our attention. By targeting a few …
Read More
This entry was posted in Vulnerabilities, WordPress Security on May 29, 2019 by Mikey Veenstra 3 Replies
Description: Unauthenticated Administrator Creation CVSS v3.0 Score: 10.0 (Critical) CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Affected Plugin: Convert Plus Plugin Slug: convertplug Affected Versions: <= 3.4.2 Patched Version: 3.4.3 On Friday May 24th, our Threat Intelligence team identified a vulnerability present in Convert Plus, a commercial WordPress plugin with an estimated 100,000 active installs. This flaw allowed …
Read More
This entry was posted in Vulnerabilities, WordPress Security on May 28, 2019 by Mikey Veenstra 2 Replies
In April, our Threat Intelligence team identified a privilege escalation flaw present in the latest version of Slick Popup, a WordPress plugin with approximately 7,000 active installs. We notified the developers, a firm called Om Ak Solutions, who acknowledged the issue and informed us that a patch would be released. Per our disclosure policy, we …
Read More
This entry was posted in Vulnerabilities, WordPress Security on May 28, 2019 by Mikey Veenstra 3 Replies
Toward the end of April, an unnamed security researcher published details of an unpatched vulnerability in WP Database Backup, a WordPress plugin with over 70,000 users. The vulnerability, which was irresponsibly disclosed to the public before attempting to notify the plugin’s developers, was reported as a plugin configuration change flaw. A proof of concept (PoC) …
Read More
