Part I of our 2021 Security Walkthrough shows the initial 5 posts of our top 10.
6 – Vulnerable Plugin Exploited in Spam Redirect Campaign
It was brought to our malware research team’s attention that a vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. The type of vulnerability found is known as a privilege escalation, which essentially allows a user to gain elevated access by exploiting a bug, and can allow files to be uploaded.
Continue reading A Walk Through a Year of Website Security: Part II at Sucuri Blog.