April’s round-up of WordPress security threats. If you use one of these plugins, make sure you’ve updated to a version in which the vulnerability is fixed, or disable the plugin immediately.
If you feel you may have been hacked, use the Sucuri free scan tool.
Between Sucuri and Packet Storm, April was a busy month for WordPress security threats.
- New WooThemes Vulnerability Patched – Update Framework Now!
- Ransomware Malware on the Web?
- Sucuri Security WordPress Plugin Free To Clients: Getting Proactive with Web Malware
- Malware campaign against WordPress sites (recovery-hdd dot eu)
- Nikjju SQL injection update (now hgbyju. com/r.php)
- Web Malware Trends and the Mac Flashfake / Flashback Outbreak
- WordPress Security Release – Upgrade to 3.3.2 TODAY
- Nikjju Mass injection campaign (180k+ pages compromised)
- GetMama – Conditional malware affecting thousands of sites
Packet Storm Coverage
- WordPress WPsc-MijnPress Cross Site Scripting
- WordPress Bruteforce Script
- WordPress 3.3.1 Cross Site Request Forgery
- WordPress Zingiri Web Shop 2.4.0 Cross Site Scripting
- WordPress Organizer 1.2.1 XSS / CSRF / Shell Upload
- WordPress Organizer 1.2.1 Cross Site Scripting / Path Disclosure
- WordPress Zingiri Tickets File Disclosure
- Yahoo Answer WordPress Auto Poster Cross Site Scripting
- WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
- WordPress Taggator SQL Injection
- WordPress Buddypress SQL Injection