Top

Tag Archives | wordpress

RCE Attempts Against the Latest WordPress API Vulnerability

We are see remote command execution (RCE) attempts trying to exploit the latest WordPress API Vulnerability. The attackers trying to exploit sites that have plugins like the Insert PHP, Exec-PHP and similar installed plugins. These plugins, allow users to insert PHP code directly into the posts as a way to make customizations easier. Coupled with […]

Continue Reading

Content Injection Vulnerability in WordPress 4.7.x API

A new dangerous content injection vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. A fix for this was silently included on version 4.7.2 along with other less severe issues. Introduction This privilege escalation vulnerability affects the WordPress REST API that was recently added […]

Continue Reading

common.php (Object Injection Vulnerability in Backup & Restore Dropbox)

WordPress plugin Backup & Restore Dropbox have PHP Object Injection Vulnerability. It’s allow remote download malware to the server. This vulnerability founded by pluginvulnerabilities.com and published it. We found that vulnerability try malware download common.php malware to server via FTP Protocol. Real Post Payload First file_get_contents download common.php malware and file_put_contents write it to server. […]

Continue Reading

Functions.php contains backdoor

This malware is very clever, because it’s hiding Malware Data to inside WordPress database and Itself code in themes functions.php file. Hacker/or botnetwork can always send POST data to update or add a new Data to Database. Same time it puts Malware Data to the PHP script and it loaded, executed and last command it […]

Continue Reading

gzpdecode.php

WordPress Vulnerability in Cherry Plugin – Arbitrary File Upload The Vulnerability allow an attacker to upload all types of files without administrator login. /wp-content/plugins/cherry-plugin/admin/import-export/upload.php This is fixed latest version of Cherry Plugin, but all customers won’t update their website and files. Interesting comes heres, botnetwork search this old vulnerability and if found they upload malware […]

Continue Reading

yiw_contact sendemail file upload vulnerability

Looking better POST payload, header looks normal request: In the below HTTP Post, there were 2 parameters that started with yiw. This indicates that the attacker is likely trying to explpoit the Beauty & Clean Theme File Upload WordPress Vulnerability which is literally as simple as posting your backdoor file to the contact field via […]

Continue Reading

work1.php

This is old Arbitrary File Upload Vulnerability in Cherry Plugin (Worpdress). Malware tries patch .htaccess files and add own redirect that file. When a user access website with correct browser, then redirect activates and redirect user to another page. Last malware unlink (removes) itself. Full sourcecode

Continue Reading

wp.php

If we look inside this PHP script (only a small part of the code): Execute wp.php If we run this, we found PHP Command shell WSO 2.5 (backdoor) this file: Detect this malware Malware Expert – Signatures found this malware from php code, if you want use our signatures for free.

Continue Reading