2020 Year in Review: the best of WP White Security
2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White...
WordPress Security: The Ultimate Guide
Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin
In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of these patterns allows us to deploy better and faster solutions to our customers, minimizing...
Uncovering Potential Issues with the Contact Form 7 Vulnerability: More Data Needed
On December 17, 2020, the Astra research security team disclosed that they had discovered a critical severity Unrestricted File Upload vulnerability in Contact Form 7, the most popular WordPress plugin of all time. The lead researcher, Jinson Varghese, also published...
WordPress Vulnerabilities Explained
Episode 100: How to Lose 6 Figures the Easy Way
The recent SolarWinds attack was incredibly sophisticated. What happens when that level of sophistication targets a homebuyer during one of the largest transactions of their lifetime? On this episode, we tell the story of an extremely difficult-to-detect spearphishing...
Website File Changes Monitor 1.7.1: improved UX & other minor improvements
Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues...
Real-Time Phishing Kit Targets Brazilian Central Bank
We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payment method created...