Analyzing a WooCommerce Credit Card Skimmer

By Liam Smith / May 19, 2022

The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection. During a recent investigation for an infected WordPress website, we discovered an obfuscated credit card stealer hiding amongst the website’s theme […]

Read More

Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes

By Ram Gall / May 18, 2022

On April 5, 2022, the Wordfence Threat Intelligence team initiated the responsible disclosure process for a set of vulnerabilities in the Jupiter and JupiterX Premium themes and the required JupiterX Core companion plugin for WordPress, which included a critical privilege escalation vulnerability that allowed any user to become an administrator. The plugin developers quickly replied […]

Read More

X-Cart Skimmer with DOM-based Obfuscation

By Denis Sinegubko / May 17, 2022

Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located server-side, the other client-side. X-Cart’s e-commerce platform is not nearly as popular as Magento or WooCommerce and as a result we don’t see as many threat actors targeting it. While […]

Read More

Millions of Attacks Target Tatsu Builder Plugin

By Ram Gall / May 16, 2022

The Wordfence Threat Intelligence team has been tracking a large-scale attack against a Remote Code Execution vulnerability in Tatsu Builder, which is tracked by CVE-2021-25094 and was publicly disclosed on March 24, 2022 by an independent security researcher. The issue is present in vulnerable versions of both the free and premium Tatsu Builder plugin. Tatsu […]

Read More

Massive WordPress JavaScript Injection Campaign Redirects to Ads 

By Krasimir Konov / May 11, 2022

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts […]

Read More

Examining Emerging Backdoors

By Ben Martin / May 10, 2022

Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors! Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised environment and provide them a “foot in the door” to execute their payload. We see […]

Read More

What Happens During a DDoS Attack and How to Know if You Are Under an Attack

By Stephen Johnston / May 7, 2022

Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website.  In this article, we’ll focus on how to know if you’ve been DDoSed, how to spot a DDoS attack, and how to […]

Read More

Manually Identifying an X-Cart Credit Card Skimmer

By Liam Smith / May 5, 2022

During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research and remediation teams frequently find credit card skimmers on Magento […]

Read More

WooCommerce Credit Card Skimmers Concealed In Fake Images

By Matt Morrow / May 3, 2022

Our research and remediation teams have noticed an increase in WooCommerce credit card skimmers on client sites over the past few years, as detailed in past blog posts. Due to the increased number of plugins and components facilitating online payments and its ease of use, WordPress has become a common e-commerce platform — and the […]

Read More

About Us

I believe that everyone should have a mechanic that they can trust and after spending several years helping out various customers for large companies I've seen my fair share of issues.

Honesty, Integrity, and Compassion are what we share with everyone that we work with. Stop scouring the internet for help and see how we can help you today.

Our Services

Website Migrations

Plugin & Theme Updates

IDX Broker Customizations

Facebook Chatbots

DNS & Email Integrations