Check Point Blog

Threat Research May 25, 2016

Weaponized WordPress Tools

WordPress is a free, open source content management system (CMS) for creating websites, and is considered to be the most popular blogging system in use. WordPress’ appeal to website developers stems from its  free plugins and themes that…

Read More
Threat Research February 11, 2016

Campaign Targeting WordPress: Users being Redirected to Angler Exploit Kit

In the past week, a massive campaign targeting WordPress-based websites has been reported by several security vendors, including Sucuri and Malwarebytes. In the previous iteration, unsuspecting victims were redirected to domains hosting ads which, if…

Read More
Threat Research September 15, 2015

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ultimatum

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a…

Read More
Threat Research August 11, 2015

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part II – Supremacy

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a…

Read More
Threat Research August 4, 2015

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a…

Read More
Threat Research June 2, 2015

New Vulnerabilities Discovered In WordPress

Not Just Another Broken Link…   Introduction     Check Point researcher Dikla Barda recently discovered critical vulnerabilities in two widely used WordPress plugins: the Broken Link Checker and the Download Manager. These vulnerabilities allow: Access…

Read More
Threat Research April 29, 2015

Threat Alert: WordPress Cross-Site Scripting

Overview   The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full control of the Web server. The attack code targets one…

Read More
Threat Research November 3, 2014

Plugging the Security Hole in a WordPress Plug-In

Check Point researcher, Roi Paz recently discovered a critical vulnerability that would have enabled attackers to steal personal and financial data from thousands of websites and their visitors via the LiveSupporti WordPress plug-in. After being alerted…

Read More