  • Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin

    If you’ve recently encountered the admin user wpsupp‑user on your website, it means it’s being affected by this wave of infections. Identifying Contamination Signs: The malware typically injects code into critical WordPress files, often manifesting as: Or in the database, when the vulnerable version of LiteSpeed Cache is exploited: decoded version: Cleanup Procedures Identifying Malicious URLs and IPs… More

  • New Malware Campaign Targets WP-Automatic Plugin

    A few weeks ago a critical vulnerability was discovered in the plugin WP‑Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites. The Vulnerability The vulnerability lies in… More

  • How to Secure Your Website: Top Tips From Enterprise Security Experts

    What tools do you really need to secure a website? How to stay on budget without compromising. The most serious threats and vulnerabilities. More

  • Unauthenticated Stored XSS Fixed in WordPress Core

    WordPress Core recently released v6.5.2, fixing a Stored Cross‑Site Scripting issue in the Avatar block present in the 6.x versions. While investigating the patch, we identified that it could lead to an Unauthenticated Stored Cross‑Site Scripting issue in the worst-case scenario; however, this case requires a specific configuration. Versions 6.5.2, 6.4.4, 6.3.4, 6.2.5, 6.1.6… More

  • What is an SQL Injection (SQLi)? How to Prevent SQLi Attacks

    Are your systems vulnerable? Everything you need to know about SQL injection attacks. See examples and learn how to detect and prevent them. More

  • The 16 Most Common Web Application Vulnerabilities Explained

    Did you know about all of these web application vulnerabilities? See how to defend against most threats in just 5 steps. Top tools for experts. More

  • 20 Website Security Services and How to Choose the Right One

    Which website security services do you really need? The most cost-effective solutions and the go-to tool enterprise experts use for threat analysis. More

  • Penetration Testing vs Vulnerability Scanning: Key Differences Explained

    Do you need both? Which is more cost-effective? Compare the benefits of penetration testing vs vulnerability testing & the best tools for strong results. More

  • File Inclusion Vulnerability Fixed In Essential Blocks 4.4.3

    During an analysis of the Essential Blocks plugin, we discovered a pretty serious Local File Inclusion vulnerability that can be exploited by any attackers, regardless of whether they have an account on the site. When successfully exploited, this vulnerability may let attackers include arbitrary files hosted on the server to be parsed and executed as PHP… More

  • Hardening WordPress: 26 Steps to Harden WP Like an Expert

    The 8 foundational security measures you need to know. Understand the threat landscape & how to harden WordPress to protect your most important assets. More
