How hackers create hidden admin users on your WordPress blog.
Very often, when we clean up a hacked WordPress website, we found hidden admin users created by the attackers. In this post, we will see how hackers manage to create and hide them.
Tag: WordPress
Unauthenticated function injection vulnerability fixed in 15 WordPress themes.
Fifteen WordPress themes were prone to critical unauthenticated function injection and privilege escalation vulnerabilities.
More WordPress plugins and themes vulnerable to CSRF attacks.
Additional WordPress plugins and themes were found to be vulnerable to CSRF attacks.
WordPress Simple:Press plugin fixed critical vulnerabilities.
The WordPress Simple:Press plugin (600+ active installations) fixed a broken access control vulnerability affecting version 6.6.0 and below that could lead to unauthenticated arbitrary file upload and remote code execution.
When some developers of WordPress plugin and theme go rogue.
While cleaning-up a hacked WordPress site, we found that some malicious code was added to the theme by its developers.