theme – HackerTarget.com
https://hackertarget.com
Security Vulnerability Scanners and Assessments
Tue, 25 Feb 2020 05:18:38 +0000

Woothemes Framework Update Analysis
https://hackertarget.com/woothemes-framework-update-analysis/
Sun, 17 Jun 2012 05:34:17 +0000

The post Woothemes Framework Update Analysis appeared first on HackerTarget.com.
In this post, I examine the fact that only 31% of Wootheme based sites in the top 1 million are running the latest version of the Wootheme Framework. WordPress themes are an important part of the security checklist when maintaining your WordPress installation.

An essential security maintenance function of any WordPress install is performing regular updates. Many people do update the WordPress core and plugins, but it is just as important to update all installed WordPress themes to their latest versions. Any themes you are not using should be removed.

Examples

29th April 2012 - an exploit was released for the Woothemes Framework. This exploit allows possible code execution through the shortcode preview function. Version 5.3.10 resolved the issue, but additional fixes were applied to make 5.3.12 the recommended version to stay secure.

August 2011 - an exploit was released for an image function called "timthumb". This exploit affected many WordPress themes, as it was a popular function included with many frameworks and standalone themes (it did not only apply to Woothemes).

There have been two critical security vulnerabilities in the past year that affected Woothemes Framework based sites. As we see in the charts below, even those websites with significant levels of web traffic appear to have little knowledge of, or no regard for, security updates to WordPress themes.

Research

As we use Woothemes here at HackerTarget.com, we researched a bit further into the Woothemes Framework in the top 1 million websites. The following statistics show the breakdown of the Woothemes Framework versions in use.

WooFramework Versions Compared

This chart shows the detected WooFramework versions of WordPress installs in the top 1 million websites. A total of 2476 Woo Powered sites were detected; note that this only includes sites that have the metagenerator tag enabled.

The next chart shows a simple breakdown of the sites with the latest version compared to sites with older versions of the Woothemes Framework. It would not be an unreasonable assumption to predict that many of the 1699 websites with an older version are indeed vulnerable to known security exploits.

Data was collected in mid May; only 31% of Woothemes sites were running the latest version of the framework.

Disabling the Metagenerator Tag

These statistics have been determined by searching for the metagenerator tag in the HTML source. It is easy to remove this information from your Woothemes installation, as shown in the following image.

Disabling the metagenerator tag is a good way to remove what security people like to call information disclosure: information leakage that allows an attacker to more easily find ways to break into a system. You will, of course, still need to keep all your WordPress bits and pieces up to date to avoid becoming a victim.
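The version check behind the charts above can be reproduced on your own sites' HTML with a few lines of Python. The script below is an added example, not code from the HackerTarget post: it assumes the framework emits a tag of the form `<meta name="generator" content="WooFramework 5.3.10" />` (assumed format), treats 5.3.12 from the post as the recommended version, and runs against constructed sample pages so it works offline.

```python
"""Inventory check for the WooFramework generator tag.

Added example, not HackerTarget's code. Assumed tag format:
<meta name="generator" content="WooFramework 5.3.10" />
"""
import re
from html.parser import HTMLParser

# From the post: 5.3.12 is the recommended version to stay secure.
RECOMMENDED = "5.3.12"


class _GeneratorTags(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)  # HTMLParser lower-cases attribute names for us
        if (a.get("name") or "").lower() == "generator" and a.get("content"):
            self.generators.append(a["content"])


def generator_tags(html):
    parser = _GeneratorTags()
    parser.feed(html)
    return parser.generators


def wooframework_version(html):
    """Return the disclosed WooFramework version string, or None if not leaked."""
    for g in generator_tags(html):
        m = re.match(r"WooFramework\s+(\d+(?:\.\d+)*)", g.strip(), re.I)
        if m:
            return m.group(1)
    return None


def parse_version(v):
    # Tuple comparison handles 5.3.10 < 5.3.12 correctly (string compare would not).
    return tuple(int(x) for x in v.split("."))


def assess(html, recommended=RECOMMENDED):
    """Classify one page: current, outdated, or not_disclosed (tag removed)."""
    v = wooframework_version(html)
    if v is None:
        return {"version": None, "status": "not_disclosed"}
    status = "current" if parse_version(v) >= parse_version(recommended) else "outdated"
    return {"version": v, "status": status}


def summarize(pages, recommended=RECOMMENDED):
    """Tally pages the way the post's second chart does (latest vs older)."""
    counts = {"current": 0, "outdated": 0, "not_disclosed": 0}
    for html in pages.values():
        counts[assess(html, recommended)["status"]] += 1
    return counts


# Constructed sample pages (hypothetical hosts), standing in for fetched HTML.
SAMPLE_PAGES = {
    "site-a.example": '<html><head><meta name="generator" content="WordPress 3.3.2" />'
                      '<meta name="generator" content="WooFramework 5.3.10" /></head></html>',
    "site-b.example": '<html><head><meta name="generator" content="WooFramework 5.3.12" />'
                      '</head></html>',
    "site-c.example": '<html><head><meta name="generator" content="WordPress 3.3.2" />'
                      '</head></html>',
    "site-d.example": '<html><head><title>no generator tag at all</title></head></html>',
}

if __name__ == "__main__":
    for host, html in SAMPLE_PAGES.items():
        print(host, assess(html))
    print(summarize(SAMPLE_PAGES))
```

A site that has disabled the tag shows up as `not_disclosed`, which is what you want an outsider to see; it is still your job to confirm the installed version from the admin side, since hiding the tag does not patch anything.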

Want to do your own analysis? Download the full wootheme count in .csv format.


Malware in WordPress Themes
https://hackertarget.com/malware-in-wordpress-themes/
Wed, 01 Jun 2011 06:15:16 +0000

The post Malware in WordPress Themes appeared first on HackerTarget.com.
Found an interesting article over at OttoPress with some in-depth analysis of malware discovered in a theme on a less than reputable WordPress theme site. It seems there are some dodgy sites out there that distribute infected themes, both free ones and ripped-off professional themes. Beware, and check the reputation of your theme sources.

It had malware inserted into it that is of a much more malicious and spammy nature. Further investigation reveals that ALL of the themes on that site contain basically the same code. This code is not actually “viral”, but it’s definitely malware and it’s worth investigating to see some of the ways people try to hide their spam.

So today, I’m going to dissect it and serve it up on a platter for everybody to see.

Anatomy of a theme malware

Other excellent posts on this topic include:
Jaypee writes on WordPress Theme Malware
Analysis of Top Google Results for Free WordPress Themes
