A new dangerous content injection vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. A fix for this was silently included on version 4.7.2 along with other less severe issues. Introduction This privilege escalation vulnerability affects the WordPress REST API that was recently added […]
Tag Archives | wordpress
WordPress plugin Backup & Restore Dropbox have PHP Object Injection Vulnerability. It’s allow remote download malware to the server. This vulnerability founded by pluginvulnerabilities.com and published it. We found that vulnerability try malware download common.php malware to server via FTP Protocol. Real Post Payload First file_get_contents download common.php malware and file_put_contents write it to server. […]
This malware is very clever, because it’s hiding Malware Data to inside WordPress database and Itself code in themes functions.php file. Hacker/or botnetwork can always send POST data to update or add a new Data to Database. Same time it puts Malware Data to the PHP script and it loaded, executed and last command it […]
WordPress Vulnerability in Cherry Plugin – Arbitrary File Upload The Vulnerability allow an attacker to upload all types of files without administrator login. /wp-content/plugins/cherry-plugin/admin/import-export/upload.php This is fixed latest version of Cherry Plugin, but all customers won’t update their website and files. Interesting comes heres, botnetwork search this old vulnerability and if found they upload malware […]
Looking better POST payload, header looks normal request: In the below HTTP Post, there were 2 parameters that started with yiw. This indicates that the attacker is likely trying to explpoit the Beauty & Clean Theme File Upload WordPress Vulnerability which is literally as simple as posting your backdoor file to the contact field via […]
This is old Arbitrary File Upload Vulnerability in Cherry Plugin (Worpdress). Malware tries patch .htaccess files and add own redirect that file. When a user access website with correct browser, then redirect activates and redirect user to another page. Last malware unlink (removes) itself. Full sourcecode
If we look inside this PHP script (only a small part of the code): Execute wp.php If we run this, we found PHP Command shell WSO 2.5 (backdoor) this file: Detect this malware Malware Expert – Signatures found this malware from php code, if you want use our signatures for free.