Jonas Lejon

WordPress Backdoor detection

WPSec can now detect at least three different backdoored WordPress plugins. The plugins are: Duplicate Page and Post 2.1.0-2.1.1 No Follow All External Links 2.1.0-2.3.0 WP No External Links 4.2.1-4.3 We recommend that you run the free scan available at www.wpsec.com

How to sniff WordPress login credentials with Wireshark over an HTTP connection

Wireshark is a network protocol analyzer that can provide granular visibility on traffic traversing your network. It runs on a wide variety of operating systems and can be used it to view live traffic or capture traffic to a file for offline analysis. Virtually all known network protocols are supported, including IPsec, ISAKMP, Kerberos, SNMPv3, …

How to sniff WordPress login credentials with Wireshark over an HTTP connection Read More »

New WordPress Vulnerability checks – Week 49

WPScans.com has been updated with the following new vulnerability checks: Content Cards <= 0.9.6 – Cross-Site Scripting (XSS) WP Mailster <= 1.5.4 – Unauthenticated Cross-Site Scripting (XSS) Apocalypse Meow <= 21.2.7 – BCrypt Authentication Bypass Smart Marketing SMS and Newsletters Forms <= 1.1.1 – Unauthenticated Cross-Site Scripting (XSS) Run your free WordPress Security Scan at …

New WordPress Vulnerability checks – Week 49 Read More »

WordPress 4.9.1 Security and Maintenance Update

WordPress 4.9.1 has now been released. This update is a security and maintenance release for all versions since WordPress 3.7. WPScans strongly encourage you to update your WordPress sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core …

WordPress 4.9.1 Security and Maintenance Update Read More »

WordPress 4.8.3 Security Release

A new WordPress version was just release. This new version addresses a security problem with the $wpdb->prepare() function. From the release notes: WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added …

WordPress 4.8.3 Security Release Read More »

WPScans is now available as a Hidden Service on Tor

You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:

WordPress Vulnerability Testing with Nmap

Nmap is one our favorite tool when it comes to security testing (except for WPSec.com). Nmap was created in 1997 by Gordon Lyon aka Fyodor. The current version 7.60 contains about 580 different NSE-scripts (Nmap Scripting Engine) used for different security checks or information gathering and about six of them are related to WordPress. Our first test is to just …

WordPress Vulnerability Testing with Nmap Read More »

New WordPress vulnerability checks week 40

The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – …

New WordPress vulnerability checks week 40 Read More »

Finding PHP and WordPress Backdoors using antivirus and Indicator of Compromise

From time to time we do forensic investigations of WordPress breakins. When we do the investigation there is often one or more backdoors placed in the filesystem or modified legit WordPress-related files in wp-includes, themes or plugins. This is not only related to WordPress but all sites running PHP such as Drupal, Magento etc. Finding …

Finding PHP and WordPress Backdoors using antivirus and Indicator of Compromise Read More »

The Optionsbleed Apache Vulnerability and WordPress

During the weekend our CTO Jonas Lejon has been doing some research into the most recent Apache vulnerability named Optionsbleed. The Optionsbleed vulnerability is a bug in the Apache webserver and makes it possible for an attacker to read remote webserver memory such as session cookies, password etc. The Apache is a very common webserver …

The Optionsbleed Apache Vulnerability and WordPress Read More »