{"id":26783,"date":"2019-04-15T16:32:45","date_gmt":"2019-04-15T16:32:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30032\/Researcher-With-A-Grudge-Is-Dropping-Web-0days-On-Innocent-Users.html"},"modified":"2019-04-15T16:32:45","modified_gmt":"2019-04-15T16:32:45","slug":"researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/","title":{"rendered":"Researcher With A Grudge Is Dropping Web 0days On Innocent Users"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2015\/08\/hacked-640x438.jpg\" alt=\"Image of ones and zeros with the word \"><\/p>\n<aside id=\"social-left\" aria-label=\"Read the comments or share this article\">\n<h4 class=\"comment-count-before\"><a title=\"69 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2019\/04\/a-security-researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/?comments=1\">reader comments<\/a><\/h4>\n<p><a title=\"69 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2019\/04\/a-security-researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/?comments=1\"><span class=\"comment-count-number\">122<\/span> <span class=\"visually-hidden\">with 69 posters participating<\/span><\/a><\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/div>\n<\/aside>\n<p>Over the past three weeks, a trio of critical zeroday vulnerabilities in WordPress plugins has exposed 160,000 websites to attacks that allow criminal hackers to redirect unwitting visitors to malicious destinations. A self-proclaimed security provider who publicly disclosed the flaws before patches were available played a key role in the debacle, although delays by plugin developers and site administrators in publishing and installing patches have also contributed.<\/p>\n<p>Over the past week, zeroday vulnerabilities in both the <a href=\"https:\/\/wordpress.org\/plugins\/yuzo-related-post\/\">Yuzo Related Posts<\/a> and <a href=\"https:\/\/wordpress.org\/plugins\/yellow-pencil-visual-theme-customizer\/\">Yellow Pencil Visual Theme Customizer<\/a> WordPress plugins\u2014used by 60,000 and 30,000 websites respectively\u2014have come under attack. Both plugins were removed from the <a href=\"https:\/\/wordpress.org\/plugins\/\">WordPress plugin repository<\/a> around the time the zeroday posts were published, leaving websites little choice than to remove the plugins. On Friday (three days after the vulnerability was disclosed), Yellow Pencil <a href=\"https:\/\/yellowpencil.waspthemes.com\/docs\/important-security-update\/\">issued a patch<\/a>. At the time this post was being reported, Yuzo Related Posts remained closed with no patch available.<\/p>\n<p> In-the-wild exploits against <a href=\"https:\/\/wordpress.org\/plugins\/social-warfare\/\">Social Warfare<\/a>, a plugin used by 70,000 sites, <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/03\/two-serious-wordpress-plugin-vulnerabilities-are-being-exploited-in-the-wild\/\">started three weeks ago<\/a>. Developers for that plugin quickly patched the flaw but not before sites that used it were hacked.<\/p>\n<h2>Scams and online graft<\/h2>\n<p>All three waves of exploits caused sites that used the vulnerable plugins to surreptitiously redirect visitors to sites pushing tech-support scams and other forms of online graft. In all three cases, the exploits came after a site called <a href=\"https:\/\/www.pluginvulnerabilities.com\">Plugin Vulnerabilities<\/a> published detailed disclosures on the underlying vulnerabilities. The posts included enough proof-of-concept exploit code and other technical details to make it trivial to hack vulnerable sites. Indeed, some of the code used in the attacks appeared to have been copied and pasted from the Plugin Vulnerabilities posts.<\/p>\n<p>Within hours of Plugin Vulnerabilities publishing the <a href=\"https:\/\/www.pluginvulnerabilities.com\/2019\/04\/09\/recently-closed-visual-css-style-editor-wordpress-plugin-contains-privilege-escalation-vulnerability-that-leads-to-option-update-vulnerability\/\">Yellow Pencil Visual Theme<\/a> and <a href=\"https:\/\/www.pluginvulnerabilities.com\/2019\/03\/21\/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare\/\">Social Warfare<\/a> disclosures, the zeroday vulnerabilities were actively exploited. It took 11 days after Plugin Vulnerabilities dropped the <a href=\"https:\/\/www.pluginvulnerabilities.com\/2019\/03\/30\/wordpress-plugin-team-paints-target-on-exploitable-settings-change-vulnerability-that-permits-persistent-xss-in-related-posts\/\">Yuzo Related Posts zeroday<\/a> for in-the-wild exploits to be reported. There were no reports of exploits of any of the vulnerabilities prior to the disclosures.<\/p>\n<p>All three of Plugin Vulnerabilities&#8217; zeroday posts came with boilerplate language that said the unnamed author was publishing them to protest &#8220;the moderators of the WordPress Support Forum&#8217;s continued inappropriate behavior.&#8221; The author told Ars that s\/he only tried to notify developers after the zerodays were already published.<\/p>\n<p>&#8220;Our current disclosure policy is to full disclose vulnerabilities and then to try to notify the developer through the WordPress Support Forum, though the moderators there\u2026 too often just delete those messages and not inform anyone about that,&#8221; the author wrote in an email.<\/p>\n<p>According to a <a href=\"https:\/\/warfareplugins.com\/news\/owning-up-and-understanding-what-happened-with-the-zero-day-exploit\/\">blog post<\/a> Social Warfare developer Warfare Plugins published Thursday, here&#8217;s the timeline for March 21, when Plugin Vulnerabilities <a href=\"https:\/\/www.pluginvulnerabilities.com\/2019\/03\/21\/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare\/\">dropped the zeroday for that plugin<\/a>:<\/p>\n<blockquote>\n<p><strong>02:30 PM<\/strong> (approx.) \u2013 An unnamed individual published the exploit for hackers to take advantage of. We don&#8217;t know the exact time of the release because the individual has hidden the publishing time. Attacks on unsuspecting websites begin almost immediately.<\/p>\n<p><strong>02:59 PM<\/strong> \u2013 WordPress discovers the publication of the vulnerability, removes Social Warfare from the WordPress.org repository, and emails our team about the issue.<\/p>\n<p><strong>03:07 PM<\/strong> \u2013 In a responsible, respectable way, WordFence <a href=\"https:\/\/www.wordfence.com\/blog\/2019\/03\/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild\/\">publishes their discovery<\/a> of the publication and vulnerability, giving no details about how to take advantage of the exploit.<\/p>\n<p><strong>03:43 PM<\/strong> \u2013 Every member of the Warfare Plugins team is brought up to speed, given tactical instructions, and begins taking action on the situation in each respective area: <em>development, communications, and customer support<\/em>.<\/p>\n<p><strong>04:21 PM<\/strong> \u2013 A notice saying that we are aware of exploit, along with instructions to disable the plugin until patched, was <a href=\"https:\/\/twitter.com\/warfareplugins\/status\/1108826025188909057\">posted to Twitter<\/a> as well as to our website.<\/p>\n<p><strong>05:37 PM<\/strong> \u2013 Warfare Plugins development team makes final code commits to patch the vulnerability and undo any malicious script injection that was causing sites to be redirected. Internal testing begins.<\/p>\n<p><strong>05:58 PM<\/strong> \u2013 After rigorous internal testing, and sending a patched version to WordPress for review, the new version of Social Warfare (3.5.3) is released.<\/p>\n<p><strong>06:04 PM<\/strong> \u2013 Email to all <em>Social Warfare \u2013 Pro<\/em> customers is sent with details of the vulnerability, and instructions on how to update immediately.<\/p>\n<\/blockquote>\n<h2>No remorse<\/h2>\n<p>The author said s\/he scoured both Yuzo Related Posts and Yellow Pencil for security after noticing they had been removed without explanation from the WordPress plugin repository and becoming suspicious. &#8220;So while our posts could have led to exploitation, it also [sic] possible that a parallel process is happening,&#8221; the author wrote.<\/p>\n<p>The author also pointed out that 11 days passed between the disclosure of the Yuzo Related Posts zeroday and the <a href=\"https:\/\/www.wordfence.com\/blog\/2019\/04\/yuzo-related-posts-zero-day-vulnerability-exploited-in-the-wild\/\">first known reports it was being exploited<\/a>. Those exploits wouldn&#8217;t have been possible had the developer patched the vulnerability during that interval, the author said.<\/p>\n<p>Asked if there was any remorse for the innocent end users and website owners who were harmed by the exploits, the author said: &#8220;We have no direct knowledge of what any hackers are doing, but it seems likely that our disclosures could have led to exploitation attempts. These full disclosures would have long ago stopped if the moderation of the Support Forum was simply cleaned up, so any damage caused by these could have been avoided, if they would have simply agreed to clean that up.&#8221;<\/p>\n<p>The author declined to provide a name or identify Plugin Vulnerabilities other than to say it was a service provider that finds vulnerabilities in WordPress plugins. &#8220;We are trying to keep ahead of hackers, since our customers pay us to warn them about vulnerabilities in the plugins they use, and it obviously is better to be warning them before they could have been exploited instead of after.&#8221;<\/p>\n<h2>Whois Plugin Vulnerabilities?<\/h2>\n<p>The Plugin Vulnerabilities website has a copyright footer on each page that lists <a href=\"http:\/\/www.whitefirdesign.com\/\">White Fir Designs, LLC<\/a>. Whois records for pluginvulnerabilities.com and whitefirdesign.com also list the owner as White Fir Designs of Greenwood Village, Colorado. A <a href=\"https:\/\/www.sos.state.co.us\/biz\/BusinessEntityCriteriaExt.do\">business database search<\/a> for the state of Colorado shows that White Fir Designs was <a href=\"https:\/\/www.sos.state.co.us\/biz\/ViewImage.do?masterFileId=20061362435&amp;fileId=20061362435\">incorporated in 2006 by someone named John Michael Grillot<\/a>.<\/p>\n<p>The crux of the author&#8217;s beef with WordPress support-forum moderators, according to threads such as <a href=\"https:\/\/www.reddit.com\/r\/Wordpress\/comments\/b3v457\/social_warfare_plugin_has_been_hacked\/ej2o9hs\/\">this one<\/a>, is that they remove his posts and delete his accounts when he discloses unfixed vulnerabilities in public forums. A <a href=\"https:\/\/medium.com\/@xorloop\/wordpress-security-researcher-gone-rogue-a76484ed0fc9\">recent post on Medium<\/a> said he was &#8220;banned for life&#8221; but had vowed to continue the practice indefinitely using made-up accounts. Posts such as <a href=\"https:\/\/www.pluginvulnerabilities.com\/2016\/08\/17\/wordpress-doesnt-fix-severe-vulnerability-in-plugin-and-doesnt-want-to-have-an-honest-discussion-about-the-issue\/\">this one<\/a> show Plugin Vulnerabilities&#8217; public outrage over WordPress support forums has been brewing since at least 2016.<\/p>\n<p>To be sure, there&#8217;s plenty of blame to spread around recent exploits. Volunteer-submitted WordPress plugins have long represented the biggest security risk for sites running WordPress, and so far, developers of the open source CMS haven&#8217;t figured out a way to sufficiently improve the quality. What&#8217;s more, it often takes far too long for plugin developers to fix critical vulnerabilities and for site administrators to install them. Warfare Plugins&#8217; blog post offers one of the best apologies ever for its role in not discovering the critical flaw before it was exploited.<\/p>\n<p>But the bulk of the blame by far goes to a self-described security provider who readily admits to dropping zerodays as a form of protest or, alternatively, as a way to keep customers safe (as if exploit code was necessary to do that). With no apologies and no remorse from the discloser\u2014not to mention a dizzying number of buggy, poorly-audited plugins in the WordPress repository\u2014it wouldn&#8217;t be surprising to see more zeroday disclosures in the coming days.<\/p>\n<p><em>This post was updated to remove incorrect details about White Fir Design.<\/em><\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30032\/Researcher-With-A-Grudge-Is-Dropping-Web-0days-On-Innocent-Users.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":26784,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[6493],"class_list":["post-26783","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflawwordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Researcher With A Grudge Is Dropping Web 0days On Innocent Users 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researcher With A Grudge Is Dropping Web 0days On Innocent Users 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-15T16:32:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"438\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Researcher With A Grudge Is Dropping Web 0days On Innocent Users\",\"datePublished\":\"2019-04-15T16:32:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/\"},\"wordCount\":1273,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg\",\"keywords\":[\"headline,hacker,flaw,wordpress\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/\",\"name\":\"Researcher With A Grudge Is Dropping Web 0days On Innocent Users 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg\",\"datePublished\":\"2019-04-15T16:32:45+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg\",\"width\":640,\"height\":438},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,wordpress\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawwordpress\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Researcher With A Grudge Is Dropping Web 0days On Innocent Users\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researcher With A Grudge Is Dropping Web 0days On Innocent Users 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/","og_locale":"en_US","og_type":"article","og_title":"Researcher With A Grudge Is Dropping Web 0days On Innocent Users 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-04-15T16:32:45+00:00","og_image":[{"width":640,"height":438,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Researcher With A Grudge Is Dropping Web 0days On Innocent Users","datePublished":"2019-04-15T16:32:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/"},"wordCount":1273,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg","keywords":["headline,hacker,flaw,wordpress"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/","url":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/","name":"Researcher With A Grudge Is Dropping Web 0days On Innocent Users 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg","datePublished":"2019-04-15T16:32:45+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users.jpg","width":640,"height":438},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/researcher-with-a-grudge-is-dropping-web-0days-on-innocent-users\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,wordpress","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawwordpress\/"},{"@type":"ListItem","position":3,"name":"Researcher With A Grudge Is Dropping Web 0days On Innocent Users"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/26783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=26783"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/26783\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/26784"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=26783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=26783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=26783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}