Connect with us

Hacked Websites

Vulnerable Plugin Exploited in Spam Redirect Campaign

Published

on

Vulnerable Plugin Exploited in Spam Redirect Campaign



Vulnerable Plugin Exploited in Spam Redirect Campaign

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin.

Continue reading Vulnerable Plugin Exploited in Spam Redirect Campaign at Sucuri Blog.



Source link

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.