Category: Plugins

December 28, 2017 Arrunadayy Koul 1 comment

According to Dan Moen of Wordfence, in the last two weeks the WordPress.org repository has closed three plugins because they contained content-injection backdoors. “Closing” a plugin means that it is no longer available for download from the repository and will not show up in WordPress.org search results. Each of them had been purchased in the…

December 23, 2017 Arrunadayy Koul No comments exist

This week we published a security alert about a new wave of spam campaigns containing the Emotet banking trojan that can exploit Windows admin rights on users’ PCs. We also included a protection guide to better fight against these online threats. 1. Top 25 Worst, Most Insecure Passwords Used in 2017 How secure are your passwords? Are you…

December 19, 2017 Arrunadayy Koul No comments exist

Buying popular plugins with a large user base and using them for effortless malicious campaigns has become a new trend for bad actors. One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin to an undisclosed buyer, who then modified the plugin to download and install a hidden backdoor. In a blog post published on Tuesday,…

November 16, 2017 Arrunadayy Koul No comments exist

Security vulnerabilities have been discovered in three popular WordPress plugins: Duplicator, Formidable Forms and Yoast SEO. The details of the vulnerabilities are as follows: Duplicator 1.2.28 and older vulnerable to stored XSS: WPVulnDB also reports that Duplicator, running on over 1 million active sites, fixed a stored cross-site scripting vulnerability affecting versions 1.2.28 and older. This report…

November 11, 2017 Arrunadayy Koul 1 comment

WordPress recently removed a plugin known as “Animated Weather Widget by weatherfor.us.” from the plugin repository. It appears that the plugin was removed for including JavaScript code that would mine cryptocurrency using the CPU resources of site visitors. How It Worked: A WordPress site owner installs the “Animated Weather” plugin. The plugin loads an iframe. This…

October 24, 2017 Arrunadayy Koul 1 comment

Last month, Wordfence identified three plugins with critical object injection vulnerabilities, all being exploited in the wild. After that, they deployed new and improved firewall rules to block that kind of exploit. While analyzing their attack data, Wordfence recently discovered that hackers were actively exploiting a similar vulnerability in the Contact Form for WordPress – Ultimate Form Builder Lite plugin…

September 17, 2017 Arrunadayy Koul 1 comment

An extremely persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets, which installed backdoors on potentially 200,000 websites since June 21. The attacker used the open-source Display Widgets plugin, which lets users manage exactly how their WordPress plugins appear on their sites, as the delivery mechanism for the backdoor…

August 11, 2017 Arrunadayy Koul 6 comments

Creating SEO-friendly images is simple to do, yet many website owners neglect this valuable source of search engine traffic. To make it even simpler, WordPress has some great tools built in to help you optimize your images, and you can use the All-in-One SEO Pack to maximize your optimization. The most important thing to…