Tag Archive | "wordpress"


22 November 2014 | 1,264 views

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild. The most recent time was this year actually, but was a DoS attack, which is not THAT […]

Continue Reading


11 August 2014 | 3,154 views

XML Quadratic Blowup Attack Blows Up WordPress & Drupal

This was a pretty interesting piece of news for me last week as I was actually affected by it (I think?). It’s an XML Quadratic Blowup Attack that affects both WordPress and Drupal and is quite serious as rather than just crashing the software, it can take down the whole server. It didn’t completely take […]

Continue Reading


18 April 2013 | 6,718 views

Large Scale Botnet Brute Force Password Cracking Against WordPress Sites

There have always been a lot of brute force attempts/bot scans and hacking attempts on WordPress hosted sites (due to flaws in the core and a multitude of insecure plugins) – this site being no exception (they’ve even done some minor damage before). But things appear to have really ramped up recently with a large […]

Continue Reading


05 April 2012 | 1,025 views

Server Migration – Moved To Linode! And Changed To Nginx/PHP-FPM/APC/W3TC

So lately I’ve being doing a lot more DevOps stuff than security stuff and I’m pretty much enjoying it (apart from some of the tedious sys-admin stuff). So with some of the new stuff I’ve learnt along the way, I decided to move Darknet from a rather bloated managed VPS with 2GB of RAM and […]

Continue Reading


03 August 2011 | 11,306 views

Zero-day Vulnerability In TimThumb Image Utility Threatens Many WordPress Sites

This is pretty apt after we wrote about WebsiteDefender – Ensure Your Website Security on Monday, a platform for securing web applications with a focus on WordPress. Today a zero-day in a very commonly used WordPress library hit quite a few news sites. The flaw is in an image utility called TimThumb which is used […]

Continue Reading


12 July 2011 | 16,820 views

WPScan – WordPress Security/Vulnerability Scanner

WPScan is a vulnerability scanner which checks the security of WordPress installations using a black box approach (scanning without any prior knowledge of what has been installed etc). Features Username enumeration (from author querystring and location header) Weak password cracking (multithreaded) Version enumeration (from generator meta tag) Vulnerability enumeration (based on version) Plugin enumeration (2220 […]

Continue Reading


12 August 2009 | 53,709 views

WordPress 2.8.3 Admin Reset Exploit

Ah it’s WordPress again, sometimes I wonder how many holes there are in WordPress. I guess a dedicated attacker could find some serious ones with the complexity of the code base. It’s suspected some of the recent high profile breaches have come from WordPress exploits. The latest one to become public is a simple but […]

Continue Reading


16 October 2007 | 2,289 views

Posts Restored & Business (almost) Back to Usual

Ok I’ve just painstakingly restored all the posts I could find since September 10th until now from Google Cache. I’ve worked out the maximum posts missing would be 1 as I could get the cache back to September 12th and the latest post before that is September 10th, or I might not have posted on […]

Continue Reading


17 January 2007 | 4,555 views

WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6

Recently a bug in certain versions of PHP came to the attention of the WordPress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to […]

Continue Reading


09 January 2007 | 15,300 views

WordPress 2.0.5 Trackback Vulnerability with Exploit

WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by focusing […]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·