Check WordPress Core files integrity

Check the md5 checksum of WordPress Core files against WordPress’ checksums API, using this standalone PHP file. I chose to use a standalone PHP script to check the md5sum of WordPress Core files against the API so you’re not dependent on a possibly hacked WordPress installation. This kind of guarantees the result can be trusted, as opposed to using a WordPress plugin. I think this […]

Read More

“Joomla sites misused to deploy malware” – Update

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund⁠ Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in […]

Read More

WordPress Crayon Syntax Highlighter Plugin “wp_load” Remote File Inclusion Vulnerability

Charlie Eriksen has discovered a vulnerability in the Crayon Syntax Highlighter plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “wp_load” parameter in wp-content/plugins/crayon-syntax-hightlighter/util/ajax.php and wp-content/plugins/crayon-syntax-hightlighter/util/preview.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files from external FTP resources.

Read More