Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user into the infected database whenever the trigger condition is met. What makes this especially problematic for website owners is that most malware cleanup guides focus […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/YO_WM-0196E/sql-triggers-in-website-backdoors.html
WordPress 5.7 is due to be released on March 9, and it will allow administrators to send password reset emails to users. A botnet is abusing the Bitcoin blockchain for command and control, while VMware fixes a critical remote code execution bug in all default vCenter installations. Android users now have an easy way to […]
More info:
https://www.wordfence.com/blog/2021/02/episode-106-admin-password-resets-blockchain-botnets-and-a-central-management-rce/
WordPress 5.7 features a new Robots API that provides filter-based control over the robots meta tag. So if your site is running WordPress 5.7 or later, you will notice a new tag included in the <head> section of your web pages. By default, the meta tag added by WordPress has a value of max-image-preview:large, […]
More info:
https://perishablepress.com/wordpress-disable-wp-robots/
The second release candidate for WordPress 5.7 is now available! You can test the WordPress 5.7 release candidate in two ways: try the WordPress Beta Tester plugin (choose the “Bleeding edge” channel and “Beta/RC Only” stream options), or download the release candidate here (zip). Thank you to all of the contributors who tested the Beta/RC releases and gave feedback. […]
More info:
https://wordpress.org/news/2021/03/wordpress-5-7-release-candidate-2/
On February 15, 2021, our Threat Intelligence team initiated the responsible disclosure process for a vulnerability that we discovered in User Profile Picture, a WordPress plugin installed on over 60,000 sites. The vulnerability made it possible for authenticated users with the upload_files capability to obtain sensitive user information. We initially reached out to Cozmoslabs, the […]
More info:
https://www.wordfence.com/blog/2021/03/medium-severity-vulnerability-patched-in-user-profile-picture-plugin/
You don’t have to be rich to have an online presence. You don’t have to find loopholes in proprietary platforms and hope that they never change their terms of service. You own all of the content that you create on a WordPress site and have the liberty to move it to a new host if […]
More info:
https://wordpress.org/news/2021/03/the-month-in-wordpress-february-2021/
New WordPress plugin and theme vulnerabilities were disclosed during the first week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-march-2021-part-1/
When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be used to prevent fraud. Another reason is that social engineering […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/7CWjK9uypZA/trojan-spyware-and-bec-attacks.html