News

Unauthenticated Stored XSS Vulnerability Patched in Ultimate Member WordPress Plugin

By István Márton / March 8, 2024

On February 28th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an unauthenticated stored Cross-Site Scripting (XSS) vulnerability in Ultimate Member, a WordPress plugin with more than 200,000+ active installations. This vulnerability can be leveraged to inject malicious web scripts. Props to stealthcopter who discovered and responsibly reported this vulnerability through […]

Read More

New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3

By Puja Srivastava / March 7, 2024

In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve started seeing an uptick in attacks from a new malware campaign targeting this same Popup […]

Read More

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)

By Chloe Chamberland / March 7, 2024

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000,  for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 119 vulnerabilities disclosed in 85 WordPress Plugins and 3 WordPress Themes that have been […]

Read More

MalCare’s New Firewall XSS Rules

By Anurag Changmai / March 7, 2024

Of late, XSS attacks have become increasingly complex, using JavaScript functions to compromise websites. Such vulnerabilities can lead to severe consequences, including unauthorized admin creation and the installation of malware. Sites can be entirely taken over with a single attack request.  Our research and analysis revealed a troubling trend: the methods employed by attackers are […]

Read More

MalCare Proactively blocks 100,000+ attacks Targeting Popup Builder XSS vulnerability

By Anurag Changmai / March 7, 2024

MalCare has been proactively blocking over 100,000 cross-site scripting (XSS) attacks daily targeting customer websites. These attacks attempt to exploit a vulnerability found in the popular Popup Builder plugin, and MalCare’s Atomic Security has stopped them cold—without needing a special patch.  This vulnerability has seen a huge volume of attacks because it has a very […]

Read More

From Web3 Drainer to Distributed WordPress Brute Force Attack

By Denis Sinegubko / March 5, 2024

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]

Read More

WP Umbrella Review: Features, Pricing and Details

By Shreya / March 3, 2024

Managing a WordPress site has two big tasks: keep an eye on things (monitor) and keep things running well (maintain). Without good management, your website is at risk. Your visitors’ experience worsens. Your place on Google search results can drop. You could even start losing money. Trying to keep an eye on all this stuff […]

Read More

11 Managed WordPress Security Services To Effectively Keep Out Threats

By Shreya / March 3, 2024

Every website owner knows that security should be a top priority but, what is the best way to do so? There are a few routes you can take. You can manage security by configuring a security plugin like MalCare. You can also get some modicum of security by choosing a secure web hosting provider—but those […]

Read More

New Wave of SocGholish Infections Impersonates WordPress Plugins

By Ben Martin / March 1, 2024

SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a […]

Read More

About Us

I believe that everyone should have a mechanic that they can trust and after spending several years helping out various customers for large companies I've seen my fair share of issues.

Honesty, Integrity, and Compassion are what we share with everyone that we work with. Stop scouring the internet for help and see how we can help you today.

Our Services

Website Migrations

Plugin & Theme Updates

IDX Broker Customizations

Facebook Chatbots

DNS & Email Integrations