Jonas Lejon

WPScans is now available as a Hidden Service on Tor

You can now connect to WPScans using the Tor onion network. WPScans is now a Hidden Service and you can use the following address to reach WPScans from TorBrowser or Tails: wpscanskzvjc4s2s.onion This is a screenshot from the Tor Browser: Screenshot from The Amnesic Incognito Live System, Tails visiting the onion url:

WordPress Vulnerability Testing with Nmap

Nmap is one our favorite tool when it comes to security testing (except for WPSec.com). Nmap was created in 1997 by Gordon Lyon aka Fyodor. The current version 7.60 contains about 580 different NSE-scripts (Nmap Scripting Engine) used for different security checks or information gathering and about six of them are related to WordPress. Our first test is to just …

WordPress Vulnerability Testing with Nmap Read More »

New WordPress vulnerability checks week 40

The following three new WordPress plugin vulnerability checks has been added to WPScans. More than 21 new checks for Cross-Site Scripting, XSS, CSRF, backdoors and SQL-injections: BackupGuard <= 1.1.46 – Authenticated Cross-Site Scripting (XSS) WooCommerce Product Vendors Plugin <= 2.0.27 – Unauthenticated Reflected XSS Participants Database <= 1.7.5.9 – Cross-Site Scripting Display Widgets 2.6.0-2.6.3.1 – …

New WordPress vulnerability checks week 40 Read More »

Finding PHP and WordPress Backdoors using antivirus and Indicator of Compromise

From time to time we do forensic investigations of WordPress breakins. When we do the investigation there is often one or more backdoors placed in the filesystem or modified legit WordPress-related files in wp-includes, themes or plugins. This is not only related to WordPress but all sites running PHP such as Drupal, Magento etc. Finding …

Finding PHP and WordPress Backdoors using antivirus and Indicator of Compromise Read More »

The Optionsbleed Apache Vulnerability and WordPress

During the weekend our CTO Jonas Lejon has been doing some research into the most recent Apache vulnerability named Optionsbleed. The Optionsbleed vulnerability is a bug in the Apache webserver and makes it possible for an attacker to read remote webserver memory such as session cookies, password etc. The Apache is a very common webserver …

The Optionsbleed Apache Vulnerability and WordPress Read More »

WordPress 4.8.2 Security Release

👉 Run a free WordPress Security Scan at WPScans.com > WordPress 4.8.2 is now available for download at WordPress.org. This is a security release for all previous versions and WPScans strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to …

WordPress 4.8.2 Security Release Read More »

XSS in popular WooCommerce Product Vendors plugin

  The popular WooCommerce WordPress plugin, used by 28 percent of all online stores, was just patched against a reflected cross-site scripting vulnerability (XSS). The vulnerability was found by the company SiteLock. The plugin vulnerability was disclosed to Automattic, the owner of, via its HackerOne security bounty program. The fix for the vulnerability was released on July …

XSS in popular WooCommerce Product Vendors plugin Read More »

New WordPress vulnerability checks week 34

The following three new WordPress plugin vulnerability checks has been added to WPScans: Embed Images in Comments <= 0.5 – Unauthenticated Stored XSS Bridge Theme <= 11.1 – DOM Cross-Site Scripting (XSS) Photo Gallery by WD <= 1.3.50 – Authenticated SQL Injection Run your free scan at https://wpscans.com

Using OSSEC to monitor directory and file changes in WordPress

OSSEC is an open source host-based intrusion detection system (HIDS) that can be used to monitor file system changes on an operating system. In this article, you’ll learn how to use it to monitor directory and file system changes on WordPress installations. OSSEC in a manager-agent HIDS, where the manager and agent can be installed …

Using OSSEC to monitor directory and file changes in WordPress Read More »