• Unauthorized Plugin Installation/Activation in Hunk Companion

    This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution More

  • Identifying Traffic from Shell Finder Bots

    A shell finder is a type of reconnaissance tool that is used by threat actors to identify websites that have already been compromised and contain backdoor shells. A backdoor shell is a form of malware that is added by a threat actor after gaining unauthorized access to a website. The purpose of a backdoor shell is More

  • Unpatched Vulnerability in TI WooCommerce Wishlist Plugin

    A Few weeks ago an Sql Injection was discovered in the TI WooCommerce Wishlist plugin. After checking closer we found another entry point, affecting over 100,000 active installs. Despite the severity of this issue, the vendor have not yet provided a patch, leading to public disclosure. The vulnerability can be exploited by unauthenticated users, allowing More

  • Unauthenticated Privilege Escalation in Profile-Builder plugin

    During a routine audit of various WordPress plugins, we identified some issues in Profile Builder and Profile Builder Pro (50k+ active installs). We discovered an Unauthenticated Privilege Escalation Vulnerability which could allow attackers to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This vulnerability was fixed on More

  • Object Injection vulnerability fixed in SEOPress 7.9

    During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attackers to access certain protected REST API routes without having any kind of account on the targeted site. Digging deeper into what an attacker could do with this More

  • 10 of the Best Website Security Tools to Stay Ahead of Hackers

    Which website security tools are really necessary for your site? What to consider before investing in new software. 10 must-have tools you can’t skip. More

  • The 10 Best Vulnerability Scanners for Effective Web Security

    7 factors for choosing the best vulnerability scanner. Top options compared on features, pros, cons, & pricing. 5 things that make a great scanner More

  • A persistent twist in the current Malware Campaign

    Recently while covering malware campaigns exploiting the LiteCache and WP‑Automatic WordPress plugins, we found that attackers were installing php‑everywhere, a plugin that allows users to run arbitrary PHP code in their site’s posts. This plugin was closed on April 25th per its author’s request. The reasoning behind this installation was to have persistent malware on the More

  • Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin

    If you’ve recently encountered the admin user wpsupp‑user on your website, it means it’s being affected by this wave of infections. Identifying Contamination Signs: The malware typically injects code into critical WordPress files, often manifesting as : Or in the database, when the vulnerable version of LiteSpeed Cache is exploited : decoded version: Cleanup Procedures Identifying Malicious URLs and IPs More

  • New Malware Campaign Targets WP-Automatic Plugin

    A few weeks ago a critical vulnerability was discovered in the plugin WP‑Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites. The Vulnerability The vulnerability lies in More