March’s round-up of WordPress security threats. If you have one of these plugins, make sure you’ve updated to a version that fixes the vulnerability, or disable the plugin immediately.
If you feel you may have been hacked, use the Sucuri free scan tool.
It was a pretty quiet month for security issues with WordPress, thankfully.
- Web Hosting Provider ServerPro Hacked, Defaced, & Blacklisted by Google
- A Little Tale About Website Cross-Contamination
- Conditional Redirect Malware Decoded – Eval base64_decode Example
- Brute force attacks against WordPress sites
- WordPress – Understanding its True Vulnerability
- Intelligent (Pharma) Spam Decoded
- WordPress Third Party Vulnerability – Deans FCKEditor with PWWANGS Code for WordPress (version 1.0.0)
- Website Cross-contamination: Blackhat SEO Spam Malware
- Varying Degrees of Malware Injections Decoded
Packet Storm Coverage
- WordPress 3.3.1 Post-Auth Cross Site Scripting
- WordPress 3.3.1 Post-Auth Information Disclosure
- WordPress 3.3.1 Post-Auth SQL Injection
- WordPress 3.3.1 User Count Enumeration
- WordPress Photoracer SQL Injection
- WordPress Integrator 1.32 Cross Site Scripting
- WordPress Deans With Pwwangs Code Shell Upload
- WordPress Register Plus Redux Cross Site Scripting