Global CyberSecurity

Vulnerable Plugin Exploited in Spam Redirect Campaign


Last Updated on 07/21/2021 by OTC

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin.

Continue reading Vulnerable Plugin Exploited in Spam Redirect Campaign at Sucuri Blog.

P-8 Poseidon: The New Generation Submarine Hunter

Previous article

Engage shoppers with deal pages in Google Search

Next article

You may also like


Comments are closed.