PluginVulnerabilities.com has reported that the WooCommerce Checkout Manager plugin is vulnerable to arbitrary file upload. The exploit could be triggered by an unauthenticated remote attacker when the plugin's "Categorize Uploaded Files" option is enabled. In this case, the attacker could brute-force or guess an existing order id number and execute arbitrary server-side script code on a WooCommerce website with the WooCommerce Checkout Manager plugin active. Apparently, WooCommerce … [Read more...] about WooCommerce Checkout Manager 4.2.6 Vulnerability
Exploit
Easy WP SMTP v.1.3.9 Hacked Fix
Easy WP SMTP 0-Day vulnerability
Easy WP SMTP is a very popular WordPress plugin that routes outgoing emails from a WordPress site to an SMTP server of choice. It is a great tool for resolving issues with email delivery. We have used it on many occasions with our client sites. It has 300,000+ active installs and is regularly updated. This is why it came as a shock when it was reported that the latest version of the plugin (1.3.9) had a serious security issue that led to a lot of sites being …
New admins under the names t2trollherten and t3trollherten? You’re probably hacked!
WP GDPR Compliance Vulnerability
Updated: 18 November 2018
If you recently discovered that your WordPress site had one or two new admins added under the names of t2trollherten and t3trollherten then your site is probably hacked already!
The Story
Once upon a -recent- time, there was a new set of privacy regulations published by the European Union to replace the Data Protection Directive which was first published in 1995. These rules are called General Data Protection …
WordPress Duplicator Plugin Exploit
It seems that Duplicator, one of the most popular WordPress plugins, leaves WordPress sites open to remote code execution (RCE) attacks after being used for a site migration or duplication. We've received a dozen requests to clean hacked WordPress websites which contained malware generated from the Duplicator RCE exploit. Fortunately, this vulnerability is being exploited on an older version of Duplicator (installer version must be older than v1.2.42), so if you're using the latest version …
Recent Memcached Exploit can lead to a DDoS Attack
What is Memcached
Memcached is a free and open source memory caching system that uses RAM to store small data objects (less than 1MB each), significantly reducing database load.
Memcached Exploit
Memcached versions before 1.5.6 have been exploited so that misconfigured memcached servers could be used to launch DDoS attacks. The attack was first reported by Cloudflare on Tuesday the 27th of February 2018 after noticing a significant increase in the number of DDoS attacks using UDP …