Security Bulletins « MonsterMegs Blog

WordPress Security: Serious Vulnerability in WordPress Download Manager

admin
09 12 2014
No Comments;
437 Views

Tweet There is a serious vulnerability in the WordPress Download Manager plugin that allows a remote attacker to upload malicious scripts to your website, gain administrative access and modify passwords. The vulnerability exists in versions of WordPress Download Manager older than 2.7.5. The Changelog confirms this has been fixed as of version 2.7.5. The Problem: WP […]

WordPress Security: Multiple Vulnerabilities in InfiniteWP Admin Panel. Upgrade immediately.

admin
09 12 2014
No Comments;
374 Views

Tweet About an hour ago researcher Walter Hop from Slik BV in the Netherlands disclosed multiple serious vulnerabilities in the InfiniteWP Admin Panel on the Full Disclosure and Bugtraq mailing lists. This admin panel is a standalone PHP application that is installed on a website and used as an interface to manage multiple WordPress websites. The vulnerability includes […]

OpenSSL (Heartbleed) Patched on all MonsterMegs Servers

admin
08 04 2014
No Comments;
241 Views

Tweet As of 9:30AM (CST) on April 8, 2014, all MonsterMegs servers vulnerable to CVE-2014-0160 (Heartbleed) OpenSSL security bug have been patched. This security vulnerability is a widespread issue affecting operating systems globally and not an issue specific to MonsterMegs. OpenSSL is a toolkit which implements SSL/TLS protocols as well as general cryptography for various operating systems. This […]

WordPress wp-login.php Brute Force Attack

admin
12 04 2013
No Comments;
510 Views

Tweet Over the last couple days a huge threat and nuisance has evolved that is effecting nearly all web hosting providers. This brute force attack is being conducted by a large botnet consisting of thousands of unique IP addresses across the world. The attacker is brute force attacking the WordPress administrative portals, using the username "admin" and trying […]