WordPress has a new Security and Maintenance Release so please update your websites as soon as possible if they haven’t updated automatically yet. This release includes 14 fixes, it’s a short-cycle maintenance release, so according to WordPress team, there will be another update in the matter of several weeks.
What’s fixed? Well, there were several critical security issues one of them related to comments (filtering and storing them in the database) which allowed to execute Cross-Site Scripting (XSS) attack by the maliciously crafted comment. This WordPress vulnerability discovered by Simon Scannell from RIPS Technologies. All latest versions like 5.1 and earlier releases are affected so once again – please update now!
Continue reading WordPress 5.1.1 Security and Maintenance Release available to download
Recently disclosed WordPress vulnerability made a massive shock to some WordPress community members. It’s not the vulnerability itself. Some users were shocked by the fact that it was already reported to the WordPress Security team about seven months ago. Well, let’s analyze everything step by step.
Disclosed WordPress vulnerability
First of all, relax. I can say that most of the WordPress sites are not affected by this vulnerability. In order to exploit this vulnerability, certain conditions are required. In this case, an attacker must have sufficient rights to edit and delete media files (for example “author” role or any custom role with the previously mentioned rights). There are several possible ways to affect site security by exploiting this vulnerability.
Continue reading Disclosed WordPress vulnerability affects current 4.9.6 and earlier WordPress versions
Multidots Inc. is a software development company from India that has developed a wide range of various WordPress plugins. About a month ago ThreatPress Security Research Team found a lot of vulnerabilities in ten plugins designed by Multidots to extend the capabilities of WooCommerce. As you can understand, these plugins designed for online stores powered by WooCommerce / WordPress. ThreatPress notified the Multidots instantly about the issues with their WordPress plugins, usually developer fixes problem as soon as possible, but in this case, everything went quite a different way.
Vulnerable plugins by Multidots
So, overall ThreatPress found that there are ten vulnerable plugins. All of them hosted on WordPress.org plugin repository. Here’s the list of these plugins (plugin name, active installs and vulnerability type):
Continue reading WordPress plugins for WooCommerce by Multidots endangered thousands of online stores
WordPress plugins, and more precisely their security is one of the most common causes of website hacks. There are more than 55,000 plugins available on the WordPress.org plugin directory. More of them are available at Codecanyon and other similar plugin directories or numerous plugin vendor sites. Checking all the code lines of each plugin is impossible. No one knows how much of them are vulnerable. Vulnerable plugins periodically identified by WordPress community or WordPress security companies.
In most cases, these vulnerabilities fixed as soon as possible. But sometimes WordPress Security Team closes vulnerable plugins if there are no updates from authors within a specified period or plugin poses a high threat. And here we have a huge problem. By closing a vulnerable plugin WordPress Security Team protects all users from downloading an unsafe software, but what about those who already have those plugins installed on their websites?
Closed WordPress plugins by Multidots
I will write a separate post about this case, but now I want to use it as an example. Recently WordPress security company ThreatPress found ten vulnerable WordPress plugins designed for WooCommerce function extension. They notified Multidots Inc. about the security issues of their products. Later ThreatPress research team informed WordPress Security Team since there were no updates for several weeks. All ten plugins – closed. Continue reading WordPress plugins – closed, abandoned and dangerous
I have already written about the danger to your website caused by insecurely stored back up files. However, it was a case when I was able to find FTP credentials used by Updraft backup WordPress plugin stored in the back up of the database. I think this is the most straightforward hacking technique ever and it doesn’t require specialised knowledge or software to perform the hack. But today I will tell you about the more sophisticated method.
So, let’s begin with the very first step of this hacking method. As I mentioned in the previous post, some Google dorks could lead you to websites with unprotected backup files due to the open directory listing. Trust me, there are hundreds if not thousands of such sites, and you can find them by applying various dorks since various WordPress backup plugins have different file naming scheme.
OK, now when you have a potential list of vulnerable websites, it’s time to pick up one and proceed with other steps. We are looking for sites with backups of the database which you can use on your local machine. Download the WordPress database file, and you’re ready to start the hack. Continue reading Hacking website with brute-force type attack on a local machine
WordPress backup files is an excellent way to ensure you can restore your website without any data loss. Making backups is a good practice, and I highly recommend to make copies of your website files and database periodically. In case of security breach, website defacing or other disasters these copies will save you a lot of time and maybe money. But sometimes these files may be the reason why your WordPress site got hacked. A few days ago I made a small researched to find out the threats caused by backup files.
WordPress backup plugins
There are a lot of different backup plugins for WordPress on the WordPress.org plugin repository. Also, there are many various premium plugins available outside. All these plugins have the same primary function, to make a backup of your precious data. Some of them offer simple backing up functions, some of them are more sophisticated and could provide more features to manage the backing up process. To do the research I need to pick up a target, right? So I picked up the most popular WordPress backup plugin that is available in WordPress plugin repository – UpdraftPlus WordPress Backup Plugin. Continue reading WordPress backup files may endanger your website
ThreatPress published a summary of all WordPress vulnerabilities detected in the 2017 year. This beautiful info-graphic (below) gives statistical information collected from ThreatPress database of WordPress vulnerabilities and data available on such open sources like WordPress.org website.
All of the WordPress plugins that were marked as vulnerable in the 2017 year have more than seventeen million active installs. Just imagine how many sites were at potential risk. I think we’re talking about a number that exceeds five million websites. Five million!!! OK, let’s see what more do we have on this infographic.
ThreatPress 2017 year report in numbers
- 221 vulnerability added to the database of WordPress vulnerabilities compared to the 234 vulnerabilities in the 2016 year.
- 202 plugins were identified as vulnerable, 153 of them hosted on WordPress.org plugin repository.
- 5 WordPress themes were identified as vulnerable, this number could be much bigger, but it’s hard to access and check themes from premium repositories.
- The most common vulnerability type was a Cross-Site Scripting (XSS) with a SQL Injection (SQLi) on a second place and Broken Access Control on the third.
- Other quite common vulnerability types in the 2017 year were Cross-Site Request Forgery (CSRF), Arbitrary File Upload, BYPASS, Arbitrary File Download, PHP Object Injection and Local File Inclusion.
- Top five vulnerable plugins in the 2017 year (by the number of active installs according to WordPress.org data) were Yoast SEO, WooCommerce, Smush Image Compression and Optimisation, Duplicator and Loginizer.
- There were 8 WordPress security-related releases in the 2017 year.
Continue reading ThreatPress report of WordPress vulnerabilities for the 2017 year
Houston, we have a problem! A serious problem that theoretically can affect one-third of all websites on the Internet. Recently Israeli security researcher Barak Tawily found a WordPress vulnerability that can lead to a massive DoS attack. DoS attack is a type of cyber-attack when an attacker drains network or server resources by flooding it with an enormous amount of requests. Every request needs some resources, but if you’re capable of making a lot of these requests or you find a way to drain more resources with fewer requests you’ll finally make the network or server inaccessible for the time of the attack.
Do not confuse DoS attacks with DDoS attacks, DoS (denial-of-service attack) attacks run from a single source of requests and DDoS (distributed denial-of-service attack) need more than one request sources. In this case, we are talking about attacks that are possible to execute from a single request source (for example one computer). The success of a DoS attack is directly dependent on how many requests a hacker can generate and how much it consumes server or network resources. Usually, DDoS attacks are more efficient than DoS attacks. But in this case, a single attacker could make a significant load on the server and create the real denial-of-service situation.
Continue reading One third of all websites may be under the DoS attack at any time