April’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a version that fixes the vulnerability, or disable the plugin immediately.
If you feel you may have been hacked, use the Sucuri free scan tool.
Between the coverage from Sucuri and Packet Storm, April was a busy month for WordPress security threats.
Sucuri Coverage
- New WooThemes Vulnerability Patched – Update Framework Now!
- Ransomware Malware on the Web?
- Sucuri Security WordPress Plugin Free To Clients: Getting Proactive with Web Malware
- Malware campaign against WordPress sites (recovery-hdd dot eu)
- Nikjju SQL injection update (now hgbyju. com/r.php)
- Web Malware Trends and the Mac Flashfake / Flashback Outbreak
- WordPress Security Release – Upgrade to 3.3.2 TODAY
- Nikjju Mass injection campaign (180k+ pages compromised)
- GetMama – Conditional malware affecting thousands of sites
Packet Storm Coverage
- WordPress WPsc-MijnPress Cross Site Scripting
- WordPress Bruteforce Script
- WordPress 3.3.1 Cross Site Request Forgery
- WordPress Zingiri Web Shop 2.4.0 Cross Site Scripting
- WordPress Organizer 1.2.1 XSS / CSRF / Shell Upload
- WordPress Organizer 1.2.1 Cross Site Scripting / Path Disclosure
- WordPress Zingiri Tickets File Disclosure
- Yahoo Answer WordPress Auto Poster Cross Site Scripting
- WordPress All-In-One Event Calendar 1.4 Cross Site Scripting
- WordPress Taggator SQL Injection
- WordPress Buddypress SQL Injection
via Packet Storm and the Sucuri Research Blog


Jonathan Dingman is a passionate blogger who loves writing about WordPress news, reporting on events, theme releases, awesome plugins, and more. He started using WordPress in 2004 and ran the first WordCamp NYC in 2008.