This is March’s round-up of WordPress security threats. If you run one of the plugins listed below, make sure you’ve updated to a version that fixes the vulnerability, or disable the plugin immediately.
If you feel you may have been hacked, use the Sucuri free scan tool.
It was a pretty quiet month for security issues with WordPress, thankfully.
Sucuri Coverage
- Web Hosting Provider ServerPro Hacked, Defaced, & Blacklisted by Google
- A Little Tale About Website Cross-Contamination
- Conditional Redirect Malware Decoded – Eval base64_decode Example
- Brute force attacks against WordPress sites
- WordPress – Understanding its True Vulnerability
- Intelligent (Pharma) Spam Decoded
- WordPress Third Party Vulnerability – Deans FCKEditor with PWWANGS Code for WordPress (version 1.0.0)
- Website Cross-contamination: Blackhat SEO Spam Malware
- Varying Degrees of Malware Injections Decoded
Packet Storm Coverage
- WordPress 3.3.1 Post-Auth Cross Site Scripting
- WordPress 3.3.1 Post-Auth Information Disclosure
- WordPress 3.3.1 Post-Auth SQL Injection
- WordPress 3.3.1 User Count Enumeration
- WordPress Photoracer SQL Injection
- WordPress Integrator 1.32 Cross Site Scripting
- WordPress Deans With Pwwangs Code Shell Upload
- WordPress Register Plus Redux Cross Site Scripting
via Packet Storm and the Sucuri Research Blog



Jonathan Dingman is a passionate blogger who loves writing about WordPress news, reporting on events, theme releases, awesome plugins, and more. He started using WordPress in 2004 and ran the first WordCamp NYC in 2008.